ID CVE-2014-0963
Summary The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.
References
Vulnerable Configurations
  • IBM Security Access Manager (ISAM) for Web software 7.0
    cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0
  • IBM Security Access Manager (ISAM) for Web appliance 7.0
    cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0
  • IBM Security Access Manager (ISAM) for Web appliance 8.0
    cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0
  • IBM Security Access Manager (ISAM) for Web software 8.0
    cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0
CVSS
Base: 7.1 (as of 13-08-2015 - 11:11)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Databases
    NASL id DB2_98FP5_MULTI_VULN.NASL
    description According to its version, the installation of IBM DB2 running on the remote host is version 9.8 prior or equal to Fix Pack 5. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists in the GSKit component when initiating SSL/TLS connections due to improper handling of malformed X.509 certificate chains. A remote attacker can exploit this to cause a denial of service. (CVE-2013-6747) - Untrusted search path vulnerabilities exist in unspecified setuid and setgid programs that allow a local attacker to gain root privileges by using a trojan horse library. (CVE-2014-0907) - An unspecified error exists in the reverse proxy GSKit component that allows a remote attacker to exhaust CPU resources by using crafted SSL messages, resulting in a denial of service. (CVE-2014-0963) - An unspecified error exists during the handling of SELECT statements with XML/XSLT functions that allows a remote attacker to gain access to arbitrary files. (CVE-2014-8910) - A flaw exists in the LUW component when handling SQL statements with unspecified Scaler functions. A remote, authenticated attacker can exploit this to cause a denial of service. (CVE-2015-0157) - An unspecified flaw in the General Parallel File System (GPFS) allows a local attacker to gain root privileges. CVE-2015-0197) - A flaw exists in the General Parallel File System (GPFS), related to certain cipherList configurations, that allows a remote attacker, using specially crafted data, to bypass authentication and execute arbitrary programs with root privileges. (CVE-2015-0198) - A denial of service vulnerability exists in the General Parallel File System (GPFS) that allows a local attacker to corrupt the kernel memory by sending crafted ioctl character device calls to the mmfslinux kernel module. (CVE-2015-0199) - An information disclosure vulnerability exists in the automated maintenance feature. An attacker with elevated privileges, by manipulating a stored procedure, can exploit this issue to disclose arbitrary files owned by the DB2 fenced ID on UNIX/Linux or the administrator on Windows. (CVE-2015-1883) - A flaw exists in the Data Movement feature when handling specially crafted queries. An authenticated, remote attacker can exploit this to delete database rows from a table without having the appropriate privileges. (CVE-2015-1922) - A flaw exists when handling SQL statements having unspecified LUW Scaler functions. An authenticated, remote attacker can exploit this to run arbitrary code, under the privileges of the DB2 instance owner, or to cause a denial of service. (CVE-2015-1935)
    last seen 2019-01-16
    modified 2018-07-06
    plugin id 76115
    published 2014-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76115
    title IBM DB2 9.8 <= Fix Pack 5 Multiple Vulnerabilities
  • NASL family Databases
    NASL id DB2_97FP9A.NASL
    description According to its version, the installation of DB2 9.7 running on the remote host is prior to Fix Pack 9a. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that allows denial of service attacks. (CVE-2013-6747) - A build error exists related to libraries in insecure locations that allows a local user to carry out privilege escalation attacks. Note that this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907) - An unspecified error exists related to the TLS implementation that allows certain error cases to cause 100% CPU utilization. (CVE-2014-0963)
    last seen 2019-01-16
    modified 2018-07-06
    plugin id 76114
    published 2014-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76114
    title IBM DB2 9.7 < Fix Pack 9a Multiple Vulnerabilities
  • NASL family Misc.
    NASL id IBM_INFORMIX_SERVER_SWG21673008.NASL
    description The remote Informix server ships with a version of IBM's Global Security kit (GSKit) library that is affected by a denial of service vulnerability. A remote attacker can exploit this issue by sending a specially crafted SSL request to cause the host to become unresponsive.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 80477
    published 2015-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80477
    title Informix Server GSKit 7.x < 7.0.4.50 / 8.0.50.x < 8.0.50.20 SSL CPU Utilization DoS
  • NASL family Databases
    NASL id DB2_95FP9_MULTI_VULN.NASL
    description According to its version, the installation of IBM DB2 9.5 running on the remote host is prior or equal to Fix Pack 9 or 10. It is, therefore, reportedly affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)
    last seen 2019-01-16
    modified 2018-07-06
    plugin id 76113
    published 2014-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76113
    title IBM DB2 9.5 <= Fix Pack 9 or 10 Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id WEBSPHERE_7_0_0_33.NASL
    description IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of an SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A denial of service flaw exists in the 'mod_log_config' when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028) - A remote code execution flaw exists with Apache Struts. The failure to restrict setting of Class loader attributes could allow a remote attacker to execute arbitrary script code. (CVE-2014-0114, PI17190) - An information disclosure flaw exists in the 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding. This many allow a remote attacker to gain timing information intended to be protected by encryption. (CVE-2014-0453) - A flaw exists within 'com.sun.jndi.dns.DnsClient' related to the randomization of query IDs. This could allow a remote attacker to conduct spoofing attacks. (CVE-2014-0460) - A denial of service flaw exists in a web server plugin on servers configured to retry failed POST request. This could allow a remote attacker to crash the application. (CVE-2014-0859, PI08892) - A flaw exists with the 'IBMJCE' and 'IBMSecureRandom' cryptographic providers by generating numbers in a predictable manner. This could allow a remote attacker to easily guess the output of the random number generator. (CVE-2014-0878) - An information disclosure flaw exists within Proxy and ODR servers. This could allow a remote attacker, using a specially crafted request, to gain access to potentially sensitive information. (CVE-2014-0891, PI09786) - A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component. This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025) - An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information. (CVE-2014-0965, PI11434) - An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information. (CVE-2014-3022, PI09594)
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 76967
    published 2014-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76967
    title IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities
  • NASL family Databases
    NASL id DB2_101FP3A.NASL
    description According to its version, the installation of IBM DB2 10.1 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities : - The included version of GSKit contains an error related to CBC-mode and timing that could allow an attacker to recover plaintext from encrypted communications. (CVE-2013-0169) - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 76110
    published 2014-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76110
    title IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities
  • NASL family Windows
    NASL id TIVOLI_DIRECTORY_SVR_SWG21672724.NASL
    description The remote host is running a version of IBM Security Directory Server (formerly IBM Tivoli Directory Server) and a version of IBM Global Security Kit (GSKit) that is affected by a denial of service vulnerability due to a flaw in the GSKit library. An attacker can exploit this issue via a specially-crafted SSL to use excessive CPU resources resulting in the host to become unresponsive.
    last seen 2019-01-16
    modified 2018-08-01
    plugin id 80482
    published 2015-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80482
    title IBM Security Directory Server < 6.1.0.61 / 6.2.0.36 / 6.3.0.30 / 6.3.1.2 with GSKit < 7.0.4.50 / 8.0.50.20 SSL CPU Utilization DoS
  • NASL family Web Servers
    NASL id WEBSPHERE_8_0_0_9.NASL
    description IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of a SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces. (CVE-2014-0076, PI19700) - A denial of service flaw exists in the 'mod_log_config' when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028) - An information disclosure flaw exists in the 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding. This many allow a remote attacker to gain timing information intended to be protected by encryption. (CVE-2014-0453) - A flaw exists with 'com.sun.jndi.dns.DnsClient' related to the randomization of query IDs. This could allow a remote attacker to conduct spoofing attacks. (CVE-2014-0460) - A flaw exists in the Full and Liberty profiles. A remote attacker, using a specially crafted request, could gain access to arbitrary files. (CVE-2014-0823, PI05324) - An information disclosure flaw exists within the Administrative Console. This could allow a network attacker, using a specially crafted request, to gain privileged access. (CVE-2014-0857, PI07808) - A denial of service flaw exists in a web server plugin on servers configured to retry failed POST request. This could allow a remote attacker to crash the application. (CVE-2014-0859, PI08892) - An information disclosure flaw exists within Proxy and ODR servers. This could allow a remote attacker, using a specially crafted request, to gain access to potentially sensitive information. (CVE-2014-0891, PI09786) - A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component. This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025) - An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information. (CVE-2014-0965, PI11434) - An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information. (CVE-2014-3022, PI09594)
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 76995
    published 2014-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76995
    title IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities
  • NASL family Databases
    NASL id DB2_105FP3A.NASL
    description According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 76111
    published 2014-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76111
    title IBM DB2 10.5 < Fix Pack 3a Multiple Vulnerabilities
  • NASL family Databases
    NASL id DB2_91_TLS_SSL_DOS.NASL
    description According to its version, the installation of IBM DB2 running on the remote host is version 9.1. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)
    last seen 2019-01-16
    modified 2018-07-06
    plugin id 76112
    published 2014-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76112
    title IBM DB2 9.1 TLS/SSL Multiple DoS Vulnerabilities
  • NASL family Web Servers
    NASL id WEBSPHERE_8_5_5_3.NASL
    description The remote host appears to be running IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.3. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces. (CVE-2014-0076, PI19700) - A denial of service flaw exists in the 'mod_log_config' when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028) - A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component. This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025) - An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information. (CVE-2014-0965, PI11434) - An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information. (CVE-2014-3022, PI09594) - A flaw exists within the 'addFileRegistryAccount' Virtual Member Manager SPI Admin Task, which creates improper accounts. This could allow a remote attacker to bypass security checks. (CVE-2014-3070, PI16765) - An unspecified information disclosure flaw exists. This could allow a remote attacker access to gain sensitive information. (CVE-2014-3083, PI17768) - An information disclosure flaw exists within the 'share/classes/sun/security/rsa/RSACore.java' class related to 'RSA blinding' caused during operations using private keys and measuring timing differences. This could allow a remote attacker to gain information about used keys. (CVE-2014-4244) - A flaw exists within the 'validateDHPublicKey' function in the 'share/classes/sun/security/util/KeyUtil.java' class which is triggered during the validation of Diffie-Hellman public key parameters. This could allow a remote attacker to recover a key. (CVE-2014-4263) - A flaw exists within the Load Balancer for IPv4 Dispatcher component. This could allow a remote attacker to crash the Load Balancer. (CVE-2014-4764, PI21189) - A flaw exists within the Liberty Repository when installing features. This could allow an authenticated remote attacker to install and execute arbitrary code. (CVE-2014-4767, PI21284)
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 77438
    published 2014-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77438
    title IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.3 Multiple Vulnerabilities
  • NASL family Misc.
    NASL id TIVOLI_ACCESS_MANAGER_EBIZ_6_1_1_10.NASL
    description According to its self-reported version, the install of the IBM Tivoli Access Manager for e-Business is affected by multiple vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076) - A denial of service vulnerability exists that allows an attacker, using a specially crafted SSL request, to cause the host to become unresponsive. Note that this issue only affects the WebSEAL component and a workaround is available. (CVE-2014-0963)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 80479
    published 2015-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80479
    title IBM Tivoli Access Manager for e-Business < 6.0.0.33 / 6.1.0.14 / 6.1.1.10 SSL Multiple Vulnerabilities
  • NASL family General
    NASL id IBM_GSKIT_8_0_50_20_LINUX.NASL
    description The remote Linux host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076) - A denial of service vulnerability exists which an attacker can exploit by sending a specially crafted SSL request to cause the host to become unresponsive. (CVE-2014-0963)
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 74288
    published 2014-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74288
    title IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities (Linux)
  • NASL family Windows
    NASL id IBM_GSKIT_8_0_50_20.NASL
    description The remote Windows host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076) - A denial of service vulnerability exists which an attacker can exploit by sending a specially crafted SSL request to cause the host to become unresponsive. (CVE-2014-0963)
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 74287
    published 2014-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74287
    title IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities
  • NASL family Windows
    NASL id IBM_DOMINO_9_0_1_FP2.NASL
    description The version of IBM Domino (formerly Lotus Domino) installed on the remote host is 9.0.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 77811
    published 2014-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77811
    title IBM Domino 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (credentialed check) (POODLE)
  • NASL family Misc.
    NASL id DOMINO_9_0_1_FP2.NASL
    description According to its version, the IBM Domino (formerly IBM Lotus Domino) application on the remote host is 9.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note that this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)
    last seen 2019-01-16
    modified 2018-07-10
    plugin id 77810
    published 2014-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77810
    title IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Windows
    NASL id IBM_NOTES_9_0_1_FP2.NASL
    description The remote host has a version of IBM Notes (formerly Lotus Notes) 9.0.x prior to 9.0.1 Fix Pack 2 (FP2) installed. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 77812
    published 2014-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77812
    title IBM Notes 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities
refmap via4
aixapar IV59660
bid 67238
confirm
sectrack 1030707
secunia
  • 58845
  • 59245
  • 59249
xf ibm-gskit-cve20140963-dos(92844)
Last major update 06-01-2017 - 21:59
Published 08-05-2014 - 06:55
Last modified 28-08-2017 - 21:34
Back to Top