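All the vulnerabilities related to FUJITSU - Interstage Application Framework Suite

Reading the records below: the `@version` value `2.2` on every `sec:cpe` entry is the CPE naming-format version (the names use the `cpe:/` URI form), not an affected product version, so the affected releases have to be taken from the advisory at each record's `link`. The `sec:cvss` blocks carry CVSS v2.0 base scores and vectors (`@version` `2.0`).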
jvndb-2007-000297
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html", "dc:date": "2008-07-11T13:47+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-07-11T13:47+09:00", "description": "Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\n\r\nApache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.\r\n\r\nThe vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html", "sec:cpe": [ { "#text": "cpe:/a:apache:tomcat", "@product": "Apache Tomcat", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": 
"2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:nec:webotx_application_server", "@product": "WebOTX Application Server", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000297", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN16535199/index.html", "@id": "JVN#16535199", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358", "@id": "CVE-2007-1358", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1358", "@id": "CVE-2007-1358", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/25721", "@id": "SA25721", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/24524", "@id": "24524", "@source": "BID" }, { "#text": "http://www.securitytracker.com/id?1018269", "@id": "1018269", 
"@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1729", "@id": "FrSIRT/ADV-2007-1729", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability" }
jvndb-2008-001613
Vulnerability from jvndb
▼ | Type | URL |
---|---|---|
JVNDB_Ja | http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001613.html | |
Configuration(CWE-16) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001613.html", "dc:date": "2008-09-09T16:21+09:00", "dcterms:issued": "2008-09-09T16:21+09:00", "dcterms:modified": "2008-09-09T16:21+09:00", "description": "Under certain conditions, the Single Sign-On function in the Fujitsu Interstage Application Server fails to properly update access control information.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001613.html", "sec:cpe": [ { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" } ], "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-001613", "sec:references": [ { "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001613.html", "@id": "JVNDB-2008-001613", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-16", "@title": "Configuration(CWE-16)" } ], "title": "Fujitsu Interstage Application Server Access Control Update Problem" }
jvndb-2009-000036
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html", "dc:date": "2012-09-28T13:35+09:00", "dcterms:issued": "2009-06-18T17:53+09:00", "dcterms:modified": "2012-09-28T13:35+09:00", "description": "Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory.\r\n\r\nAccording to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\r\nFor more information, refer to the developer\u0027s website.\r\n\r\nMinehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html", "sec:cpe": [ { "#text": "cpe:/a:apache:tomcat", "@product": "Apache Tomcat", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", 
"@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:hp:tomcat-based_servlet_engine", "@product": "HP-UX Tomcat-based Servlet Engine", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/a:nec:infoframe_documentskipper", "@product": "InfoFrame DocumentSkipper", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/a:nec:mcone", "@product": "MCOne", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/a:nec:websam_securemaster", "@product": "WebSAM SECUREMASTER", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/a:vmware:esx", "@product": "VMware ESX", "@vendor": "VMware", "@version": "2.2" }, { "#text": "cpe:/a:vmware:server", "@product": "VMware Server", "@vendor": "VMware", "@version": "2.2" }, { "#text": "cpe:/a:vmware:vcenter", "@product": "VMware vCenter", "@vendor": "VMware", "@version": "2.2" }, { "#text": "cpe:/a:vmware:virtualcenter", "@product": "VMware VirtualCenter", "@vendor": "VMware", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_eus", 
"@product": "Red Hat Enterprise Linux EUS", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:opensolaris", "@product": "OpenSolaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000036", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN63832775/index.html", "@id": "JVN#63832775", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515", "@id": "CVE-2008-5515", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5515", "@id": "CVE-2008-5515", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/35263", "@id": "35263", "@source": "BID" }, { "#text": "http://www.vupen.com/english/advisories/2009/1520", "@id": "VUPEN/ADV-2009-1520", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-200", "@title": "Information Exposure(CWE-200)" } ], "title": "Apache Tomcat information disclosure vulnerability" }
jvndb-2010-002529
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002529.html", "dc:date": "2010-12-24T16:25+09:00", "dcterms:issued": "2010-12-24T16:25+09:00", "dcterms:modified": "2010-12-24T16:25+09:00", "description": "Interstage Application Server has an access control security bypass vulnerability which could allow an attacker to access and execute a request from the IP address that should be denied.", "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002529.html", "sec:cpe": [ { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" } ], "sec:cvss": { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2010-002529", "sec:references": { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-noinfo", "@title": "No Mapping(CWE-noinfo)" }, "title": "Access Control Security Bypass Vulnerability in Interstage Application Server" }
jvndb-2007-001022
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html", "dc:date": "2009-11-16T11:52+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2009-11-16T11:52+09:00", "description": "The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html", "sec:cpe": [ { "#text": "cpe:/a:apache:http_server", "@product": "Apache HTTP Server", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "@product": "Systemwalker Resource Coordinator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": 
"2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { 
"@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-001022", "sec:references": [ { "#text": "http://jvn.jp/en/tr/TRTA08-150A/index.html", "@id": "TRTA08-150A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465", "@id": "CVE-2007-4465", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465", "@id": "CVE-2007-4465", "@source": "NVD" }, { "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html", "@id": "SA08-150A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "@id": "TA08-150A", "@source": "CERT-TA" }, { "#text": "http://www.securityfocus.com/bid/25653", "@id": "25653", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/36586", "@id": "36586", "@source": "XF" }, { "#text": "http://www.securitytracker.com/id?1019194", "@id": "1019194", "@source": "SECTRACK" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Apache UTF-7 Encoding Cross-Site Scripting Vulnerability" }
jvndb-2010-001534
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001534.html", "dc:date": "2010-06-22T11:24+09:00", "dcterms:issued": "2010-06-22T11:24+09:00", "dcterms:modified": "2010-06-22T11:24+09:00", "description": "The portal function of Interstage Portalworks and Interstage Interaction Manager is vulnerable to cross-site scripting.", "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001534.html", "sec:cpe": [ { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_form_coordinator_workflow", "@product": "Interstage Form Coordinator Workflow", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_interaction_manager", "@product": "Interstage Interaction Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_portalworks", "@product": "Interstage Portalworks", "@vendor": "FUJITSU", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2010-001534", "sec:references": { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" }, "title": "Cross-Site Scripting Vulnerability in Interstage Portalworks and Interstage Interaction Manager Portal Function" }
jvndb-2008-001576
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001576.html", "dc:date": "2012-02-15T18:13+09:00", "dcterms:issued": "2008-09-03T12:34+09:00", "dcterms:modified": "2012-02-15T18:13+09:00", "description": "The Interstage Management Console used in Fujitsu Interstage Application Server has a vulnerability which allows remote attackers to read or delete arbitrary files.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001576.html", "sec:cpe": [ { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" } ], "sec:cvss": { "@score": "6.4", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-001576", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2674", "@id": "CVE-2008-2674", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2674", "@id": "CVE-2008-2674", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/30589", "@id": "SA30589", "@source": 
"SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/27966", "@id": "27966", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2008/1771", "@id": "FrSIRT/ADV-2008-1771", "@source": "FRSIRT" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001576.html", "@id": "JVNDB-2008-001576", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-noinfo", "@title": "No Mapping(CWE-noinfo)" } ], "title": "Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability" }
jvndb-2010-000018
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000018.html", "dc:date": "2010-05-17T16:42+09:00", "dcterms:issued": "2010-05-17T16:42+09:00", "dcterms:modified": "2010-05-17T16:42+09:00", "description": "The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests are not processed properly.\r\n\r\nThe Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests may be handled improperly depending on the settings at the load balancing device.", "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000018.html", "sec:cpe": [ { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_manager", "@product": "Interstage Business Application Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_list_manager", "@product": "Interstage List Manager", "@vendor": "FUJITSU", "@version": "2.2" } ], "sec:cvss": { "@score": "6.4", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2010-000018", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN90248889/index.html", "@id": "JVN#90248889", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1942", "@id": "CVE-2010-1942", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1942", "@id": "CVE-2010-1942", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/39803", "@id": "SA39803", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/40189", "@id": 
"40189", "@source": "BID" }, { "#text": "http://www.vupen.com/english/advisories/2010/1165", "@id": "VUPEN/ADV-2010-1165", "@source": "VUPEN" }, { "#text": "http://osvdb.org/64703", "@id": "64703", "@source": "OSVDB" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-noinfo", "@title": "No Mapping(CWE-noinfo)" } ], "title": "Interstage Application Server vulnerable in request processing" }
jvndb-2010-002467
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002467.html", "dc:date": "2010-12-14T15:18+09:00", "dcterms:issued": "2010-12-14T15:18+09:00", "dcterms:modified": "2010-12-14T15:18+09:00", "description": "Interstage Application Server has an information disclosure vulnerability when used in a J2EE environment.", "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002467.html", "sec:cpe": [ { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" } ], "sec:cvss": { "@score": "7.8", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2010-002467", "sec:references": { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-200", "@title": "Information Exposure(CWE-200)" }, "title": "Interstage Application Server Information Disclosure Vulnerability" }
jvndb-2009-002358
Vulnerability from jvndb
▼ | Type | URL |
---|---|---|
Buffer Errors(CWE-119) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
Improper Authentication(CWE-287) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
Resource Management Errors(CWE-399) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002358.html", "dc:date": "2009-12-28T11:19+09:00", "dcterms:issued": "2009-12-28T11:19+09:00", "dcterms:modified": "2009-12-28T11:19+09:00", "description": "Fujitsu Interstage and Systemwalker related products have the vulnerabilities listed below:\r\n- A buffer overflow vulnerability that can occur when the SSL server verifies the client\u0027s certificate.\r\n- A vulnerability that makes it possible to make an SSL connection using a server or client certificate issued by the old CA certificate after the CA certificate is renewed, regardless of the settings of the certificate environment variables.\r\n- A vulnerability where the depletion of resources, such as file descriptors, can occur on the SSL server.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002358.html", "sec:cpe": [ { "#text": "cpe:/a:fujitsu:infodirectory", "@product": "InfoDirectory", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:infoprovider_pro", "@product": "InfoProvider Pro", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:infoproxy", "@product": "InfoProxy", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:infoproxy_for_middleware", "@product": "InfoProxy for Middleware", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage", "@product": "Interstage", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apcoordinator", "@product": "Interstage Apcoordinator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", 
"@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_manager", "@product": "Interstage Business Application Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_form_coordinator_syomei_option", "@product": "Interstage Form Coordinator syomei option", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_security_director", "@product": "Interstage Security Director", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_traffic_director", "@product": "Interstage Traffic Director", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:linkexpress", "@product": "Linkexpress", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:safeauthor", "@product": "Safeauthor", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:safegate", "@product": "Safegate", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:safegate_client", "@product": "safegate Client", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:safegate_syutyu_kanri", "@product": "Safegate syutyu kanri", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:symfoware_universal_data_interchanger", "@product": "SymfoWARE Universal Data Interchanger", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_centricmgr-a", "@product": "Systemwalker CentricMGR-A", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_centric_manager", "@product": "Systemwalker Centric Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_desktop_inspection", "@product": "Systemwalker Desktop Inspection", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_desktop_patrol", "@product": "Systemwalker Desktop Patrol", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": 
"cpe:/a:fujitsu:systemwalker_formcoordinator_syomei_option", "@product": "Systemwalker Formcoordinator syomei option", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_infodirectory", "@product": "SystemWalker/InfoDirectory", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_it_budgetmgr", "@product": "SystemWalker IT BudgetMGR", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_it_budget_manager", "@product": "Systemwalker IT Budget Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_software_delivery", "@product": "Systemwalker Software Delivery", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:trademaster", "@product": "TRADEMASTER", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:trmaster", "@product": "TRMASTER", "@vendor": "FUJITSU", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-002358", "sec:references": [ { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-119", "@title": "Buffer Errors(CWE-119)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-287", "@title": "Improper Authentication(CWE-287)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-399", "@title": "Resource Management Errors(CWE-399)" } ], "title": "Fujitsu Interstage and Systemwalker SSL Vulnerabilities" }
jvndb-2005-000804
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000804.html", "dc:date": "2008-07-07T18:04+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-07-07T18:04+09:00", "description": "Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests.\r\n\r\nTo avoid this vulnerability, use a connector other than the AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat supports Coyote JK Connector and Coyote HTTP/1.1 Connector.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000804.html", "sec:cpe": [ { "#text": "cpe:/a:apache:tomcat", "@product": "Apache Tomcat", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:campusmate_portal", "@product": "Campusmate/Portal", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:internet_navigware_server", "@product": "Internet Navigware Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_list_manager", "@product": "Interstage List Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": 
"cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_primary_server", "@product": "Cosminexus Primary Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:embedded_cosminexus_server", "@product": "Embedded Cosminexus Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:nec:webotx_application_server", "@product": "WebOTX Application Server", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/a:nec:websam_systemmanager", "@product": "WebSAM SystemManager", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/h:nec:spectral_wave_manager", "@product": "Spectral Wave Manager Series", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x", "@product": "Apple Mac OS X", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000804", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN79314822/index.html", "@id": "JVN#79314822", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164", "@id": "CVE-2005-3164", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3164", "@id": "CVE-2005-3164", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/17019", "@id": "SA17019", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/15003", 
"@id": "15003", "@source": "BID" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-200", "@title": "Information Exposure(CWE-200)" } ], "title": "Tomcat vulnerable in request processing" }
jvndb-2007-000218
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000218.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console (may be referred to as \"Servlet Service for Interstage Operation Management\" in certain versions) included in the Interstage product series from Fujitsu contain a cross-site scripting vulnerability.\r\n\r\nAs of March 19, 2007, Fujitsu has announced workarounds for this issue. For more information, refer to the vendor\u0027s website.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000218.html", "sec:cpe": [ { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_security_director", "@product": "Interstage Security Director", "@vendor": "FUJITSU", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000218", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN83832818/index.html", "@id": "JVN#83832818", "@source": "JVN" }, { "#text": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1504", "@id": "CVE-2007-1504", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1504", "@id": "CVE-2007-1504", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/24508/", "@id": "SA24508", "@source": "SECUNIA" }, { "#text": "http://xforce.iss.net/xforce/xfdb/33099", "@id": "33099", "@source": "XF" }, { "#text": "http://www.frsirt.com/english/advisories/2007/0996", "@id": "FrSIRT/ADV-2007-0996", "@source": "FRSIRT" } ], "title": "Interstage Application Server cross-site scripting vulnerability" }
jvndb-2007-000819
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html", "dc:date": "2013-07-18T18:58+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2013-07-18T18:58+09:00", "description": "mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.\r\n\r\nThe Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.\r\nThe Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html", "sec:cpe": [ { "#text": "cpe:/a:apache:http_server", "@product": "Apache HTTP Server", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "@product": "Systemwalker Resource Coordinator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": 
"cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server", "@product": "Cosminexus Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:ibm:http_server", "@product": "IBM HTTP Server", "@vendor": "IBM Corporation", "@version": "2.2" }, { "#text": "cpe:/a:oracle:http_server", "@product": "Oracle HTTP Server", "@vendor": "Oracle Corporation", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_application_stack", "@product": "Red Hat Application Stack", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/h:nec:wanbooster", "@product": "WanBooster", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x", "@product": "Apple Mac OS X", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": 
"cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000819", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN80057925/index.html", "@id": "JVN#80057925", "@source": "JVN" }, { "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html", "@id": "TRTA08-079A", "@source": "JVNTR" }, { "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html", "@id": "TRTA08-150A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000", "@id": "CVE-2007-5000", "@source": 
"CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5000", "@id": "CVE-2007-5000", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/28046", "@id": "SA28046", "@source": "SECUNIA" }, { "#text": "http://secunia.com/advisories/28073", "@id": "SA28073", "@source": "SECUNIA" }, { "#text": "http://www.frsirt.com/english/advisories/2007/4201", "@id": "FrSIRT/ADV-2007-4201", "@source": "FRSIRT" }, { "#text": "http://www.frsirt.com/english/advisories/2007/4202", "@id": "FrSIRT/ADV-2007-4202", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Cross-site scripting vulnerability in Apache HTTP Server \"mod_imap\" and \"mod_imagemap\"" }
jvndb-2008-000069
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html", "dc:date": "2009-07-08T11:38+09:00", "dcterms:issued": "2008-10-10T15:44+09:00", "dcterms:modified": "2009-07-08T11:38+09:00", "description": "Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-permitted IP address to gain access.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. \r\n\r\nThis vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue. \r\n\r\nKenichi Tsukamoto of Development Dept. II Application Management Middleware Div. 
FUJITSU LIMITED reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html", "sec:cpe": [ { "#text": "cpe:/a:apache:tomcat", "@product": "Apache Tomcat", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:nec:webotx_application_server", "@product": "WebOTX Application Server", "@vendor": "NEC Corporation", "@version": "2.2" } ], "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000069", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN30732239/index.html", "@id": "JVN#30732239", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271", "@id": "CVE-2008-3271", "@source": "CVE" }, { "#text": 
"http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3271", "@id": "CVE-2008-3271", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/32234", "@id": "SA32234", "@source": "SECUNIA" }, { "#text": "http://secunia.com/advisories/32213/", "@id": "SA32213", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/31698", "@id": "31698", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2008/2793", "@id": "FrSIRT/ADV-2008-2793", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Apache Tomcat allows access from a non-permitted IP address" }
jvndb-2014-000045
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000045.html", "dc:date": "2015-05-08T18:01+09:00", "dcterms:issued": "2014-04-25T15:37+09:00", "dcterms:modified": "2015-05-08T18:01+09:00", "description": "Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated.\r\n\r\nNTT-CERT reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000045.html", "sec:cpe": [ { "#text": "cpe:/a:apache:struts", "@product": "Apache Struts", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "@product": "Cloud Infrastructure Management Software", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "@product": "FUJITSU Integrated System HA Database Ready", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage", "@product": "Interstage", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "@product": "Interstage Application Development Cycle Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", 
"@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_interaction_manager", "@product": "Interstage Interaction Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_service_integrator", "@product": "Interstage Service Integrator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:serverview", "@product": "ServerView", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:symfoware", "@product": "Symfoware", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "@product": "Systemwalker Service Catalog Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "@product": "Systemwalker Service Quality Coordinator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "@product": "Systemwalker Software Configuration Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:triole", "@product": "TRIOLE", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" } ], "sec:cvss": { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000045", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN19294237/index.html", "@id": "JVN#19294237", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094", "@id": "CVE-2014-0094", "@source": "CVE" }, { "#text": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112", "@id": "CVE-2014-0112", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094", "@id": "CVE-2014-0094", "@source": "NVD" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112", "@id": "CVE-2014-0112", "@source": "NVD" }, { "#text": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html", "@id": "[Updated] Security Alert for Vulnerability in the \"Apache Struts2\" (CVE-2014-0094)(S2-020)", "@source": "IPA SECURITY ALERTS" }, { "#text": "http://www.kb.cert.org/vuls/id/719225", "@id": "VU#719225", "@source": "CERT-VN" }, { "#text": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/", "@id": "Ver 7.3.0.0 - What\u2019s New?", "@source": "Related document" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-DesignError", "@title": "No Mapping(CWE-DesignError)" } ], "title": "Apache Struts vulnerable to ClassLoader manipulation" }
var-200507-0034
Vulnerability from variot
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allow remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Multiple vendors' products are prone to HTTP-request-smuggling issues. Attackers can piggyback an HTTP request inside of another HTTP request. By leveraging failures to implement the HTTP/1.1 RFC properly, attackers can launch cache-poisoning, cross-site scripting, session-hijacking, and other attacks.
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Impact: Refer to the CVE identifiers for details.
Summary: Multiple security risks exist in Apache Tomcat as included with CA Cohesion Application Configuration Manager. CA has issued an update to address the vulnerabilities. Refer to the References section for the full list of resolved issues by CVE identifier.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a Medium risk rating.
Affected Products: CA Cohesion Application Configuration Manager 4.5
Non-Affected Products: CA Cohesion Application Configuration Manager 4.5 SP1
Affected Platforms: Windows
Status and Recommendation: CA has issued the following update to address the vulnerabilities.
CA Cohesion Application Configuration Manager 4.5:
RO04648 https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO04648
How to determine if you are affected:
- Using Windows Explorer, locate the file "RELEASE-NOTES".
- By default, the file is located in the "C:\Program Files\CA\Cohesion\Server\server\" directory.
- Open the file with a text editor.
- If the version is less than 5.5.25, the installation is vulnerable.
Workaround: None
References (URLs may wrap):
CA Support: http://support.ca.com/
CA20090123-01: Security Notice for Cohesion Tomcat https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
Solution Document Reference APARs: RO04648
CA Security Response Blog posting: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
Reported By: n/a
CVE References:
CVE-2005-2090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
CVE-2005-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510
CVE-2006-3835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835
CVE-2006-7195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
CVE-2006-7196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196
CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
CVE-2007-1355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355
CVE-2007-1358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358
CVE-2007-1858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858
CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449
CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450
CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
CVE-2007-3385 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386
CVE-2008-0128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
*Note: the issue marked with an asterisk (CVE-2007-3385) was not completely fixed by Tomcat maintainers.
OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release v1.1 - Updated Impact, Summary, Affected Products
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved.
TITLE: Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15895
VERIFY ADVISORY: http://secunia.com/advisories/15895/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Nucleus 3.x http://secunia.com/product/3699/
DESCRIPTION: A vulnerability has been reported in Nucleus, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA15852
SOLUTION: Update to version 3.21. http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01178795 Version: 1
HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-02 Last Updated: 2007-10-02
Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.
References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache
BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
For IPv4:
HP-UX B.11.11
=============
hpuxwsAPACHE
action: install revision A.2.0.59.00 or subsequent
restart Apache
URL: https://www.hp.com/go/softwaredepot/
For IPv6:
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
=============
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
hpuxwsAPACHE,revision=B.2.0.55.00
hpuxwsAPACHE,revision=B.2.0.56.00
hpuxwsAPACHE,revision=B.2.0.58.00
hpuxwsAPACHE,revision=B.2.0.58.01
action: install revision B.2.0.59.00 or subsequent
restart Apache
URL: https://www.hp.com/go/softwaredepot/
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. The update is available on https://www.hp.com/go/softwaredepot/ Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00.
MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- . Summary:
Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1. Relevant releases:
VirtualCenter Management Server 2 ESX Server 3.0.2 without patch ESX-1002434 ESX Server 3.0.1 without patch ESX-1003176
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to these issues.
JRE Security Update This release of VirtualCenter Server updates the JRE package from 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in the earlier release of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-3004 to this issue.
Security best practices provided by VMware recommend that the
service console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices. Solution:
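Please review the Patch notes for your product and version and verify the md5sum of your downloaded file. (Editor's note: a matching md5sum shows the download is intact; because MD5 is not collision-resistant, a match is not by itself strong evidence against deliberate tampering.)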
VMware VirtualCenter 2.0.2 Update 2 Release Notes http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html
VirtualCenter CD image md5sum d7d98a5d7f8afff32cee848f860d3ba7
VirtualCenter as Zip md5sum 3b42ec350121659e10352ca2d76e212b
ESX Server 3.0.2 http://kb.vmware.com/kb/1002434 md5sum: 2f52251f6ace3d50934344ef313539d5
ESX Server 3.0.1 http://kb.vmware.com/kb/1003176 md5sum: 5674ca0dcfac90726014cc316444996e
- Contact:
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce@lists.vmware.com
- bugtraq@securityfocus.com
- full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 8.0.0-RC1
- Apache Tomcat 7.0.0 to 7.0.42
- Apache Tomcat 6.0.0 to 6.0.37
Description: The fix for CVE-2005-2090 was not complete. It did not cover the following cases:
- content-length header with chunked encoding over any HTTP connector
- multiple content-length headers over any AJP connector
Requests with multiple content-length headers or with a content-length header when chunked encoding is being used should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain either multiple content-length headers or a content-length header when chunked encoding is being used, and several components do not reject the request and make different decisions as to which content-length header to use, an attacker can poison a web-cache, perform an XSS attack and obtain sensitive information from requests other than their own. Tomcat now rejects requests with multiple content-length headers or with a content-length header when chunked encoding is being used.
Mitigation: Users of affected versions should apply one of the following mitigations:
- Upgrade to Apache Tomcat 8.0.0-RC3 or later (8.0.0-RC2 contains the fix but was not released)
- Upgrade to Apache Tomcat 7.0.47 or later (7.0.43 to 7.0.46 contain the fix but were not released)
- Upgrade to Apache Tomcat 6.0.39 or later (6.0.38 contains the fix but was not released)
Credit: This issue was identified by the Apache Tomcat security team while investigating an invalid report related to CVE-2005-2090
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200507-0034", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "5.0.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.24" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "drupal", "version": null }, 
{ "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "pear xml rpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpxmlrpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "postnuke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "serendipity", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wordpress", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "xoops", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpmyfaq", "version": null }, { "model": "tomcat", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "4.0.6" }, { "model": "tomcat", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "4.1.34" }, { "model": "tomcat", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "5.0.30" }, { "model": "tomcat", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "5.5.22" }, { "model": "tomcat", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "6.0.10" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "solaris", "scope": "eq", 
"trust": 0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "webotx application server", "scope": "lt", "trust": 0.8, "vendor": "nec", "version": "v7.11" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", 
"version": "standard" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "coyote http connector", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "1.1" }, { "model": "coyote http connector", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "1.0" }, { "model": "virtualcenter management server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.2" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.1" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux 
enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "8" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sp1 debuginfo", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.3" }, { "model": "linux professional x86 64", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.2" }, { "model": "linux personal x86 64", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.2" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "one web server sp4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "one web server sp2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "one web server sp1", "scope": "eq", "trust": 0.3, "vendor": "sun", 
"version": "6.1" }, { "model": "one web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "unitedlinux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1.0" }, { "model": "suse linux standard server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "8.0" }, { "model": "suse linux school server for i386", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "suse linux retail solution", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "8.0" }, { "model": "suse linux openexchange server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "4.0" }, { "model": "suse linux open-xchange", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "4.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "office server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "novell linux desktop sdk", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1.0" }, { "model": "linux professional oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": 
"10.0" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux personal oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux openexchange server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux office server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1.0" }, { "model": "linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1x86-64" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1x86" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0x86-64" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0x86" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)4.2" }, { "model": "enterprise linux virtualization server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux optional productivity application server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux hardware certification", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { 
"model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop multi os client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "hat red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5.0" }, { "model": "hat red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4.2" }, { "model": "hat red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4.1" }, { "model": "hat red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4.0" }, { "model": "hat network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "3)4.2" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "oracle9i application server web cache", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.2.3" }, { "model": "oracle9i application server web cache", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.2.2" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.2" }, { "model": "zenworks linux management", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "7.3" }, { "model": "iis", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "6.0" }, { "model": "iis", "scope": "eq", 
"trust": 0.3, "vendor": "microsoft", "version": "5.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.9" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.8" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.2" }, { "model": "websphere 
application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.11.1" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.11" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.10.6" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.10.5" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.10.4" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.10.3" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.10.2" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.10.1" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.10" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.6" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.5" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.4" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.3" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.2" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.1" }, { "model": 
"delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9" }, { "model": "associates unicenter service desk", "scope": "eq", "trust": 0.3, "vendor": "computer", "version": "11.2" }, { "model": "associates cohesion application configuration manager", "scope": "eq", "trust": 0.3, "vendor": "computer", "version": "4.5" }, { "model": "associates cmdb", "scope": "eq", "trust": 0.3, "vendor": "computer", "version": "11.1" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic express sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { 
"model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.30" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.19" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.24" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.51" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, 
"vendor": "apache", "version": "2.0.49" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.29" }, { "model": "associates cohesion application configuration manager sp1", "scope": "ne", "trust": 0.3, "vendor": "computer", "version": "4.5" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "BID", "id": "13873" }, { "db": "JVNDB", "id": "JVNDB-2005-000866" }, { "db": "CNNVD", "id": "CNNVD-200507-004" }, { "db": "NVD", "id": "CVE-2005-2090" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:tomcat", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { 
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2005-000866" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "CNNVD", "id": "CNNVD-200507-004" } ], "trust": 0.6 }, "cve": "CVE-2005-2090", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", 
"availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2005-2090", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-2090", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#442845", "trust": 0.8, "value": "20.75" }, { "author": "NVD", "id": "CVE-2005-2090", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200507-004", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "JVNDB", "id": "JVNDB-2005-000866" }, { "db": "CNNVD", "id": "CNNVD-200507-004" }, { "db": "NVD", "id": "CVE-2005-2090" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\". A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Multiple vendors\u0027 products are prone to HTTP-request-smuggling issues. Attackers can piggyback an HTTP request inside of another HTTP request. By leveraging failures to implement the HTTP/1.1 RFC properly, attackers can launch cache-poisoning, cross-site scripting, session-hijacking, and other attacks. 
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\n\n\nCA Advisory Reference: CA20090123-01\n\n\nCA Advisory Date: 2009-01-23\n\n\nReported By: n/a\n\n\nImpact: Refer to the CVE identifiers for details. \n\n\nSummary: Multiple security risks exist in Apache Tomcat as \nincluded with CA Cohesion Application Configuration Manager. CA \nhas issued an update to address the vulnerabilities. Refer to the \nReferences section for the full list of resolved issues by CVE \nidentifier. \n\n\nMitigating Factors: None\n\n\nSeverity: CA has given these vulnerabilities a Medium risk rating. \n\n\nAffected Products:\nCA Cohesion Application Configuration Manager 4.5\n\n\nNon-Affected Products\nCA Cohesion Application Configuration Manager 4.5 SP1\n\n\nAffected Platforms:\nWindows\n\n\nStatus and Recommendation:\nCA has issued the following update to address the vulnerabilities. \n\nCA Cohesion Application Configuration Manager 4.5:\n\nRO04648\nhttps://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search\n\u0026searchID=RO04648\n\n\nHow to determine if you are affected:\n\n1. Using Windows Explorer, locate the file \"RELEASE-NOTES\". \n2. By default, the file is located in the \n \"C:\\Program Files\\CA\\Cohesion\\Server\\server\\\" directory. \n3. Open the file with a text editor. \n4. If the version is less than 5.5.25, the installation is \n vulnerable. 
\n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nCA20090123-01: Security Notice for Cohesion Tomcat\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975\n40\nSolution Document Reference APARs:\nRO04648\nCA Security Response Blog posting:\nCA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx\nReported By: \nn/a\nCVE References:\nCVE-2005-2090\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090\nCVE-2005-3510\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510\nCVE-2006-3835\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835\nCVE-2006-7195\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195\nCVE-2006-7196\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196\nCVE-2007-0450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\nCVE-2007-1355\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355\nCVE-2007-1358\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358\nCVE-2007-1858\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858\nCVE-2007-2449\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\nCVE-2007-2450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\nCVE-2007-3382\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\nCVE-2007-3385 *\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\nCVE-2007-3386\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\nCVE-2008-0128\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128\n*Note: the issue was not completely fixed by Tomcat maintainers. \nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\nv1.1 - Updated Impact, Summary, Affected Products\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. 
\n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777\n82\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nNucleus XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15895\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15895/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNucleus 3.x\nhttp://secunia.com/product/3699/\n\nDESCRIPTION:\nA vulnerability has been reported in Nucleus, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 3.21. \nhttp://sourceforge.net/project/showfiles.php?group_id=66479\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01178795\nVersion: 1\n\nHPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-02\nLast Updated: 2007-10-02\n\nPotential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code. \n\nReferences: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
\nHP-UX B.11.11, B.11.23, B.11.31 running Apache\n\nBACKGROUND\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended patch or update is installed. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision A.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \n\naction: install revision B.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \nHP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \nThe update is available on https://www.hp.com/go/softwaredepot/ \nNote: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00. \n\nMANUAL ACTIONS: Yes - Update \nInstall HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. 
It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 02 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. 
\n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\u00a9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. 
To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ\nHHoe3AY1sc6hrW3Xk+B1hcbr\n=+E1W\n-----END PGP SIGNATURE-----\n. Summary:\n\n Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX\n Server 3.0.2, and ESX 3.0.1. Relevant releases:\n\n VirtualCenter Management Server 2\n ESX Server 3.0.2 without patch ESX-1002434\n ESX Server 3.0.1 without patch ESX-1003176\n\n3. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to\n these issues. \n\n JRE Security Update\n This release of VirtualCenter Server updates the JRE package from\n 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in\n the earlier release of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2007-3004 to this issue. \n\n Security best practices provided by VMware recommend that the\n service console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. 
\n\n VMware VirtualCenter 2.0.2 Update 2 Release Notes\n http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html\n\n VirtualCenter CD image\n md5sum d7d98a5d7f8afff32cee848f860d3ba7\n\n VirtualCenter as Zip\n md5sum 3b42ec350121659e10352ca2d76e212b\n\n ESX Server 3.0.2\n http://kb.vmware.com/kb/1002434\n md5sum: 2f52251f6ace3d50934344ef313539d5\n\n ESX Server 3.0.1\n http://kb.vmware.com/kb/1003176\n md5sum: 5674ca0dcfac90726014cc316444996e\n\n5. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce@lists.vmware.com\n * bugtraq@securityfocus.com\n * full-disclosure@lists.grok.org.uk\n\nE-mail: security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)\n\nSeverity: Important\n\nVendor: The Apache Software Foundation\n\nVersions Affected:\n- - Apache Tomcat 8.0.0-RC1\n- - Apache Tomcat 7.0.0 to 7.0.42\n- - Apache Tomcat 6.0.0 to 6.0.37\n\nDescription:\nThe fix for CVE-2005-2090 was not complete. It did not cover the\nfollowing cases:\n- - content-length header with chunked encoding over any HTTP connector\n- - multiple content-length headers over any AJP connector\n\nRequests with multiple content-length headers or with a content-length\nheader when chunked encoding is being used should be rejected as\ninvalid. 
When multiple components (firewalls, caches, proxies and\nTomcat) process a sequence of requests where one or more requests\ncontain either multiple content-length headers or a content-length\nheader when chunked encoding is being used, and several components do not\nreject the request and make different decisions as to which\ncontent-length header to use, an attacker can poison a web-cache, perform\nan XSS attack and obtain sensitive information from requests other than\ntheir own. Tomcat now rejects requests with multiple content-length\nheaders or with a content-length header when chunked encoding is being\nused. \n\nMitigation:\nUsers of affected versions should apply one of the following mitigations\n- - Upgrade to Apache Tomcat 8.0.0-RC3 or later\n (8.0.0-RC2 contains the fix but was not released)\n- - Upgrade to Apache Tomcat 7.0.47 or later\n (7.0.43 to 7.0.46 contain the fix but were not released)\n- - Upgrade to Apache Tomcat 6.0.39 or later\n (6.0.38 contains the fix but was not released)\n\nCredit:\nThis issue was identified by the Apache Tomcat security team while\ninvestigating an invalid report related to CVE-2005-2090", "sources": [ { "db": "NVD", "id": "CVE-2005-2090" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "JVNDB", "id": "JVNDB-2005-000866" }, { "db": "BID", "id": "13873" }, { "db": "PACKETSTORM", "id": "74289" }, { "db": "PACKETSTORM", "id": "38388" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "62402" }, { "db": "PACKETSTORM", "id": "125394" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2005-2090", "trust": 3.1 }, { "db": "BID", "id": "13873", "trust": 2.7 }, { "db": "SECTRACK", "id": "1014365", "trust": 2.4 }, { "db": "SECUNIA", "id": "30908", "trust": 1.6 }, { "db": 
"SECUNIA", "id": "26660", "trust": 1.6 }, { "db": "SECUNIA", "id": "30899", "trust": 1.6 }, { "db": "SECUNIA", "id": "29242", "trust": 1.6 }, { "db": "SECUNIA", "id": "28365", "trust": 1.6 }, { "db": "SECUNIA", "id": "26235", "trust": 1.6 }, { "db": "SECUNIA", "id": "33668", "trust": 1.6 }, { "db": "SECUNIA", "id": "27037", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2007-2732", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2009-0233", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2008-0065", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2007-3087", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2007-3386", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2008-1979", "trust": 1.6 }, { "db": "BID", "id": "25159", "trust": 1.6 }, { "db": "SECUNIA", "id": "15895", "trust": 0.9 }, { "db": "SECUNIA", "id": "15810", "trust": 0.8 }, { "db": "SECUNIA", "id": "15922", "trust": 0.8 }, { "db": "SECUNIA", "id": "15852", "trust": 0.8 }, { "db": "SECUNIA", "id": "15855", "trust": 0.8 }, { "db": "SECUNIA", "id": "15861", "trust": 0.8 }, { "db": "SECUNIA", "id": "15862", "trust": 0.8 }, { "db": "SECUNIA", "id": "15872", "trust": 0.8 }, { "db": "SECUNIA", "id": "15883", "trust": 0.8 }, { "db": "SECUNIA", "id": "15884", "trust": 0.8 }, { "db": "BID", "id": "14088", "trust": 0.8 }, { "db": "SECTRACK", "id": "1014327", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#442845", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2005-000866", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200507-004", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "74289", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "38388", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59939", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62402", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125394", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "BID", "id": "13873" }, { "db": "JVNDB", "id": "JVNDB-2005-000866" }, { "db": "PACKETSTORM", "id": "74289" }, { "db": "PACKETSTORM", "id": "38388" }, { "db": 
"PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "62402" }, { "db": "PACKETSTORM", "id": "125394" }, { "db": "CNNVD", "id": "CNNVD-200507-004" }, { "db": "NVD", "id": "CVE-2005-2090" } ] }, "id": "VAR-200507-0034", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-28T21:36:17.621000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache Tomcat 4.1.36", "trust": 0.8, "url": "http://tomcat.apache.org/security-4.html" }, { "title": "Fixed in Apache Tomcat 5.5.24, 5.0.SVN", "trust": 0.8, "url": "http://tomcat.apache.org/security-5.html" }, { "title": "Fixed in Apache Tomcat 6.0.11 ", "trust": 0.8, "url": "http://tomcat.apache.org/security-6.html" }, { "title": "HS08-003", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-003/index.html" }, { "title": "HPSBUX02262", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01178795" }, { "title": "HPSBUX02262", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02262.html" }, { "title": "tomcat4 (V2.x)", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1168" }, { "title": "NV09-003", "trust": 0.8, "url": "http://www.nec.co.jp/security-info/secinfo/nv09-003.html" }, { "title": "RHSA-2007:0327", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0327.html" }, { "title": "239312", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1" }, { 
"title": "interstage_as_200703", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200703.html" }, { "title": "HS08-003", "trust": 0.8, "url": "http://www.hitachi-support.com/security/vuls/HS08-003/index.html" }, { "title": "RHSA-2007:0327", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0327J.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2005-000866" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-2090" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/13873" }, { "trust": 1.9, "url": "http://support.avaya.com/elmodocs2/security/asa-2007-206.htm" }, { "trust": 1.9, "url": "http://www.watchfire.com/resources/http-request-smuggling.pdf" }, { "trust": 1.7, "url": "http://tomcat.apache.org/security-6.html" }, { "trust": 1.6, "url": "http://seclists.org/lists/bugtraq/2005/jun/0025.html" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "trust": 1.6, "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "trust": 1.6, "url": "http://www.securiteam.com/securityreviews/5gp0220g0u.html" }, { "trust": 1.6, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "trust": 1.6, "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html" }, { 
"trust": 1.6, "url": "http://secunia.com/advisories/33668" }, { "trust": 1.6, "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "trust": 1.6, "url": "http://secunia.com/advisories/27037" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2007-0360.html" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2008/0065" }, { "trust": 1.6, "url": "http://secunia.com/advisories/30899" }, { "trust": 1.6, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "trust": 1.6, "url": "http://secunia.com/advisories/26660" }, { "trust": 1.6, "url": "http://secunia.com/advisories/28365" }, { "trust": 1.6, "url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html" }, { "trust": 1.6, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10499" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/30908" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html" }, { "trust": 1.6, "url": "http://securitytracker.com/id?1014365" }, { "trust": 1.6, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2007-0327.html" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2007/3087" }, { "trust": 1.6, "url": "http://tomcat.apache.org/security-4.html" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "trust": 1.6, "url": "http://secunia.com/advisories/26235" }, { "trust": 1.6, "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197540" }, { "trust": 1.6, 
"url": "http://www.securityfocus.com/bid/25159" }, { "trust": 1.6, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01178795" }, { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "trust": 1.6, "url": "http://secunia.com/advisories/29242" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2090" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15895/" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15852/" }, { "trust": 0.8, "url": "http://www.hardened-php.net/advisory-022005.php" }, { "trust": 0.8, 
"url": "http://secunia.com/advisories/15861/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15862/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15884/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15883/" }, { "trust": 0.8, "url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15855/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15810/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15872/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15922/" }, { "trust": 0.8, "url": "http://securitytracker.com/alerts/2005/jun/1014327.html" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/14088" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-2090" }, { "trust": 0.8, "url": "http://securitytracker.com/alerts/2005/jul/1014365.html" }, { "trust": 0.6, "url": "http://www.novell.com/support/viewcontent.do?externalid=7006398" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.6, 
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2090" }, { "trust": 0.3, "url": "http://www.ietf.org/rfc/rfc2616.txt" }, { "trust": 0.3, "url": "http://download.novell.com/download?buildid=n5vszfht1vs" }, { "trust": 0.3, "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23/ca20090123-01-cohesion-tomcat-multiple-vulnerabilities.aspx" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2007-0327.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2007-1069.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0450" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2449" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1358" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0450" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3386" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2450" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3382" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3385" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1355" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-7195" }, { "trust": 0.1, "url": "http://www.ca.com/us/contact/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7196" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2450" }, { "trust": 0.1, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0128" }, { "trust": 0.1, "url": "http://support.ca.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3510" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3510" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0128" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3835" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1355" }, { "trust": 0.1, "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1777" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3835" }, { "trust": 0.1, "url": "http://support.ca.com." }, { "trust": 0.1, "url": "http://www.ca.com/us/privacy/" }, { "trust": 0.1, "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1858" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3385" }, { "trust": 0.1, "url": "http://osvdb.org/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3386" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3382" }, { "trust": 0.1, "url": "https://support.ca.com/irj/portal/anonymous/redirarticles?reqpage=search" }, { "trust": 0.1, "url": "http://www.ca.com/us/legal/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-7196" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2449" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/3699/" }, { "trust": 0.1, "url": 
"http://sourceforge.net/project/showfiles.php?group_id=66479" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863" }, { "trust": 0.1, "url": "https://www.hp.com/go/softwaredepot/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0774" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2756" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3004" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1003176" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1002434" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3004" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": 
"http://www.vmware.com/resources/techresources/726" }, { "trust": 0.1, "url": "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://www.enigmail.net/" }, { "trust": 0.1, "url": "http://tomcat.apache.org/security-8.html" }, { "trust": 0.1, "url": "http://tomcat.apache.org/security-7.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "BID", "id": "13873" }, { "db": "JVNDB", "id": "JVNDB-2005-000866" }, { "db": "PACKETSTORM", "id": "74289" }, { "db": "PACKETSTORM", "id": "38388" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "62402" }, { "db": "PACKETSTORM", "id": "125394" }, { "db": "CNNVD", "id": "CNNVD-200507-004" }, { "db": "NVD", "id": "CVE-2005-2090" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "BID", "id": "13873" }, { "db": "JVNDB", "id": "JVNDB-2005-000866" }, { "db": "PACKETSTORM", "id": "74289" }, { "db": "PACKETSTORM", "id": "38388" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "62402" }, { "db": "PACKETSTORM", "id": "125394" }, { "db": "CNNVD", "id": "CNNVD-200507-004" }, { "db": "NVD", "id": "CVE-2005-2090" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-07-06T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2005-06-06T00:00:00", "db": "BID", "id": "13873" }, { "date": "2007-04-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2005-000866" }, { "date": "2009-01-27T23:27:39", "db": "PACKETSTORM", "id": "74289" }, { "date": "2005-07-01T23:31:00", "db": "PACKETSTORM", "id": "38388" }, { "date": "2007-10-10T05:27:27", "db": 
"PACKETSTORM", "id": "59939" }, { "date": "2008-01-08T16:58:51", "db": "PACKETSTORM", "id": "62402" }, { "date": "2014-02-25T18:33:33", "db": "PACKETSTORM", "id": "125394" }, { "date": "2005-07-05T00:00:00", "db": "CNNVD", "id": "CNNVD-200507-004" }, { "date": "2005-07-05T04:00:00", "db": "NVD", "id": "CVE-2005-2090" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-09T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2015-03-19T08:16:00", "db": "BID", "id": "13873" }, { "date": "2009-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2005-000866" }, { "date": "2019-04-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200507-004" }, { "date": "2024-11-20T23:58:46.657000", "db": "NVD", "id": "CVE-2005-2090" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200507-004" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple PHP XML-RPC implementations vulnerable to code injection", "sources": [ { "db": "CERT/CC", "id": "VU#442845" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200507-004" } ], "trust": 0.6 } }
var-201403-0506
Vulnerability from variot
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. ** Delete ** This entry was removed because it was found to be a duplicate of JVNDB-2014-000045. Please refer to JVNDB-2014-000045. Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2014-0007 Synopsis: VMware product updates address security vulnerabilities in Apache Struts library Issue date: 2014-06-24 Updated on: 2014-06-24 (Initial Advisory) CVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112
-
Summary
VMware product updates address security vulnerabilities in Apache Struts library
-
Relevant releases
VMware vCenter Operations Management Suite prior to 5.8.2
-
Problem Description
a. The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-0050, CVE-2014-0094, and
CVE-2014-0112 to these issues.
CVE-2014-0112 may lead to remote code execution. This issue was
found to be only partially addressed in CVE-2014-0094.
CVE-2014-0050 may lead to a denial of service condition.
vCenter Operations Management Suite (vCOps) is affected by both
CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112
may lead to remote code execution without authentication.
vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not
by CVE-2014-0112.
Workaround
A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
article 2081470.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware          Product   Running   Replace with/
Product         Version   on        Apply Patch
=============   =======   =======   =================
vCOPS           5.8.x     any       vCOPS 5.8.2
vCOPS           5.7.x     any       patch pending *
vCO             5.5       any       patch pending
vCO             5.1       any       patch pending
vCO             4.2       any       patch pending
*Customers are advised to apply the workaround or update to vCOps
5.8.2.
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Operations Management Suite 5.8.2
Downloads and Documentation: https://www.vmware.com/go/download-vcops
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
http://kb.vmware.com/kb/2081470
- Change log
2014-06-24 VMSA-2014-0007 Initial security advisory in conjunction with the release of vCenter Operations Management Suite 5.8.2 on 2014-06-24.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15337) Charset: utf-8
wj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM CZ5+DYZAydCjMwVgtKqoo7Y= =Vwu5 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0506", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "lt", "trust": 1.8, "vendor": "apache", "version": "2.3.16.1" }, { "model": "struts", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, 
"vendor": "fujitsu", "version": null }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business analytics modeling server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business process manager analytics" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "extreme transaction processing server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "mobile manager" }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": 
null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "cloud middle set b set" }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.12" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14.2" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.11.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.15.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.15.3" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.11.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "software 
foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.1.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { 
"model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" } ], "sources": [ { "db": "BID", "id": "65999" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "CNNVD", "id": "CNNVD-201403-191" }, { "db": "NVD", "id": "CVE-2014-0094" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:struts", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:triole", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001603" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mark Thomas and Przemyslaw Celej", "sources": [ { "db": "BID", "id": "65999" } ], "trust": 0.3 }, "cve": "CVE-2014-0094", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, 
"severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2014-0094", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0094", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201403-191", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-0094", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0094" }, { "db": "CNNVD", "id": "CNNVD-201403-191" }, { "db": "NVD", "id": "CVE-2014-0094" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to \"manipulate\" the ClassLoader via the class parameter, which is passed to the getClass method. ** Delete ** This case JVNDB-2014-000045 It was removed because it was found to be duplicated. JVNDB-2014-000045 Please refer to. Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16 are vulnerable. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2014-0007\nSynopsis: VMware product updates address security vulnerabilities in \n Apache Struts library \nIssue date: 2014-06-24\nUpdated on: 2014-06-24 (Initial Advisory)\nCVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112\n- ------------------------------------------------------------------------\n\n1. Summary\n\n VMware product updates address security vulnerabilities in Apache \n Struts library\n\n2. Relevant releases\n\n VMware vCenter Operations Management Suite prior to 5.8.2\n\n3. Problem Description\n\n a. The Apache Struts library is updated to version 2.3.16.2 to \n address multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2014-0050, CVE-2014-0094, and\n CVE-2014-0112 to these issues. \n\n CVE-2014-0112 may lead to remote code execution. This issue was \n found to be only partially addressed in CVE-2014-0094. \n\n CVE-2014-0050 may lead to a denial of service condition. \n\n vCenter Operations Management Suite (vCOps) is affected by both \n CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112\n may lead to remote code execution without authentication. \n\n vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n by CVE-2014-0112. \n\n Workaround\n\n A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n article 2081470. \n\n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. 
\n\n VMware Product\tRunning\tReplace with/\n Product Version\ton\tApply Patch\n ============= =======\t=======\t=================\n vCOPS\t 5.8.x \tany \tvCOPS 5.8.2\n vCOPS 5.7.x any patch pending *\n\n vCO 5.5 any patch pending\n vCO 5.1 any patch pending\n vCO 4.2 any patch pending\n\n *Customers are advised to apply the workaround or update to vCOps\n5.8.2. \n\n4. Solution\n\n Please review the patch/release notes for your product and version \n and verify the checksum of your downloaded file. \n\n vCenter Operations Management Suite 5.8.2\n -----------------------------------------\n Downloads and Documentation:\n https://www.vmware.com/go/download-vcops\n \n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112\n\n http://kb.vmware.com/kb/2081470\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n 2014-06-24 VMSA-2014-0007\n Initial security advisory in conjunction with the release of vCenter\n Operations Management Suite 5.8.2 on 2014-06-24. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. 
All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.2 (Build 15337)\nCharset: utf-8\n\nwj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM\nCZ5+DYZAydCjMwVgtKqoo7Y=\n=Vwu5\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2014-0094" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "BID", "id": "65999" }, { "db": "VULMON", "id": "CVE-2014-0094" }, { "db": "PACKETSTORM", "id": "127215" } ], "trust": 2.07 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41690", "trust": 0.2, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0094" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0094", "trust": 2.9 }, { "db": "SECTRACK", "id": "1029876", "trust": 2.4 }, { "db": "BID", "id": "65999", "trust": 1.9 }, { "db": "PACKETSTORM", "id": "127215", "trust": 1.7 }, { "db": "JVN", "id": "JVN19294237", "trust": 1.6 }, { "db": "SECUNIA", "id": "56440", "trust": 1.6 }, { "db": "SECUNIA", "id": "59178", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2014-000045", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2014-001603", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201403-191", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-0094", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0094" }, { "db": "BID", "id": "65999" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201403-191" }, { "db": "NVD", 
"id": "CVE-2014-0094" } ] }, "id": "VAR-201403-0506", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2024-11-23T20:28:33.827000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "S2-021", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html" }, { "title": "S2-020", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html" }, { "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html" }, { "title": "Interstage BPMA\u4ed6 CVE-2014-0094", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_bpma201401.html" }, { "title": "Interstage Application Development Cycle Manager(ADM): struts\u306e\u8106\u5f31\u6027(CVE-2014-0094) (2014\u5e745\u670827\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_aplidevcyclemgr_201401.html" }, { "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html" }, { "title": "struts-2.3.16.1-all", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48603" }, { "title": "Debian CVElist Bug Report Logs: libstruts1.2-java: CVE-2014-0114", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=96f4091aa31a0ece729fdcb110066df5" }, { "title": "Red Hat: CVE-2014-0094", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0094" }, { "title": "VMware Security Advisories: VMware product updates address security vulnerabilities in Apache Struts library", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=3f8f92a767d3e2773247be2d5077cbee" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "CVE-2014-0094-test-program-for-struts1", "trust": 0.1, "url": "https://github.com/HasegawaTadamitsu/CVE-2014-0094-test-program-for-struts1 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0094" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "CNNVD", "id": "CNNVD-201403-191" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0094" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securitytracker.com/id/1029876" }, { "trust": 1.6, "url": "http://jvn.jp/en/jp/jvn19294237/index.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded" }, { "trust": 1.6, "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000045" }, { "trust": 1.6, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html" }, { "trust": 1.6, 
"url": "http://www.securityfocus.com/archive/1/531362/100/0/threaded" }, { "trust": 1.6, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59178" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "trust": 1.6, "url": "http://secunia.com/advisories/56440" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/65999" }, { "trust": 1.6, "url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html" }, { "trust": 1.6, "url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new" }, { "trust": 1.6, "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0094" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050" }, { "trust": 0.1, "url": "https://twitter.com/vmwaresrc" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/lifecycle.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2081470" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2014-0050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094" }, { "trust": 0.1, "url": "https://www.vmware.com/go/download-vcops" } ], "sources": [ { "db": "BID", "id": "65999" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201403-191" }, { "db": "NVD", "id": "CVE-2014-0094" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0094" }, { "db": "BID", "id": "65999" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201403-191" }, { "db": "NVD", "id": "CVE-2014-0094" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-03-11T00:00:00", "db": "VULMON", "id": "CVE-2014-0094" }, { "date": "2014-03-06T00:00:00", "db": "BID", "id": "65999" }, { "date": "2014-03-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "date": "2014-06-25T21:34:12", "db": "PACKETSTORM", "id": "127215" }, { "date": "2014-03-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-191" }, { "date": "2014-03-11T13:00:37.107000", "db": "NVD", "id": "CVE-2014-0094" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-12T00:00:00", "db": "VULMON", "id": "CVE-2014-0094" }, { "date": "2015-07-15T00:14:00", "db": "BID", "id": "65999" }, { "date": "2014-06-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "date": "2019-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-191" }, { "date": "2024-11-21T02:01:20.827000", "db": "NVD", "id": "CVE-2014-0094" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-191" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "** Delete ** Apache Struts of ParametersInterceptor In ClassLoader Vulnerability manipulated", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001603" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-191" } ], "trust": 0.6 } }
var-200703-0528
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes. The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console (may be referred to as "Servlet Service for Interstage Operation Management" in certain versions) included in the Interstage product series from Fujitsu contain a cross-site scripting vulnerability. As of March 19, 2007, Fujitsu has announced workarounds for this issue. For more information, refer to the vendor's website. An arbitrary script may be executed on the user's web browser. iNTERSTAGE Application Server Standard Edition is prone to a cross-site scripting vulnerability.
SOLUTION: As a workaround, the vendor recommends configuring error pages for both HTTP status codes 404 and 500 (see vendor advisory for details).
The vendor is reportedly working on patches.
PROVIDED AND/OR DISCOVERED BY: Daiki Fukumori, Secure Sky Technology.
ORIGINAL ADVISORY: Fujitsu: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200701.html http://software.fujitsu.com/jp/security/vulnerabilities/jvn-83832818.html
OTHER REFERENCES: JVN: http://jvn.jp/jp/JVN%2383832818/index.html
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0528", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "interstage application server", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server", "scope": "eq", "trust": 
1.6, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage security director", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, 
"vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server web j", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": 
"interstage application server web j", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" } ], "sources": [ { "db": "BID", "id": "81875" }, { "db": "JVNDB", "id": "JVNDB-2007-000218" }, { "db": "CNNVD", "id": "CNNVD-200703-433" }, { "db": "NVD", "id": "CVE-2007-1504" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_security_director", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000218" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-433" } ], "trust": 0.6 }, "cve": "CVE-2007-1504", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2007-1504", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2007-000218", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-1504", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2007-000218", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200703-433", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000218" }, { "db": "CNNVD", "id": "CNNVD-200703-433" }, { "db": "NVD", "id": "CVE-2007-1504" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via 
unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes. The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console (may be referred to as \"Servlet Service for Interstage Operation Management\" in certain versions) included in the Interstage product series from Fujitsu contain a cross-site scripting vulnerability. As of March 19, 2007, Fujitsu has announced workarounds for this issue. For more information, refer to the vendor\u0027s website.An arbitrary script may be executed on the user\u0027s web browser. iNTERSTAGE Application Server Standard Edition is prone to a cross-site scripting vulnerability. \n\nSOLUTION:\nThe vendor recommends setting error pages for both HTTP status codes\n404 and 500 (see vendor advisory for details). \n\nThe vendor is reportedly working on patches. \n\nPROVIDED AND/OR DISCOVERED BY:\nDaiki Fukumori, Secure Sky Technology. \n\nORIGINAL ADVISORY:\nFujitsu:\nhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html\nhttp://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200701.html\nhttp://software.fujitsu.com/jp/security/vulnerabilities/jvn-83832818.html\n\nOTHER REFERENCES:\nJVN:\nhttp://jvn.jp/jp/JVN%2383832818/index.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-1504" }, { "db": "JVNDB", "id": "JVNDB-2007-000218" }, { "db": "BID", "id": "81875" }, { "db": "PACKETSTORM", "id": "55139" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-1504", "trust": 2.7 }, { "db": "SECUNIA", "id": "24508", "trust": 2.5 }, { "db": "BID", "id": "23020", "trust": 1.9 }, { "db": "XF", "id": "33099", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-0996", "trust": 1.6 }, { "db": "OSVDB", "id": "34276", "trust": 1.6 }, { "db": "JVN", "id": "JVN83832818", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-000218", "trust": 0.8 }, { "db": "JVN", "id": "JVN#83832818", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200703-433", "trust": 0.6 }, { "db": "BID", "id": "81875", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "55139", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "81875" }, { "db": "JVNDB", "id": "JVNDB-2007-000218" }, { "db": "PACKETSTORM", "id": "55139" }, { "db": "CNNVD", "id": "CNNVD-200703-433" }, { "db": "NVD", "id": "CVE-2007-1504" } ] }, "id": "VAR-200703-0528", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.165530305 }, "last_update_date": "2024-11-23T21:01:39.612000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { 
"@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Cross-site scripting (XSS) vulnerabilities in Interstage Application Server", "trust": 0.8, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000218" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-1504" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html" }, { "trust": 2.0, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-83832818.html" }, { "trust": 2.0, "url": "http://jvn.jp/jp/jvn%2383832818/index.html" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/23020" }, { "trust": 1.7, "url": "http://xforce.iss.net/xforce/xfdb/33099" }, { "trust": 1.6, "url": "http://secunia.com/advisories/24508" }, { "trust": 1.6, "url": "http://osvdb.org/34276" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/0996" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33099" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2007/0996" }, { "trust": 0.9, "url": "http://secunia.com/advisories/24508/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1504" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn83832818/index.html" }, { "trust": 0.8, 
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-1504" }, { "trust": 0.1, "url": "http://secunia.com/product/13689/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/product/13693/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/13692/" }, { "trust": 0.1, "url": "http://secunia.com/product/13696/" }, { "trust": 0.1, "url": "http://secunia.com/product/13695/" }, { "trust": 0.1, "url": "http://secunia.com/product/13687/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/13688/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200701.html" }, { "trust": 0.1, "url": "http://secunia.com/product/13685/" }, { "trust": 0.1, "url": "http://secunia.com/product/13686/" }, { "trust": 0.1, "url": "http://secunia.com/product/13694/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/disassembling_og_reversing/" }, { "trust": 0.1, "url": "http://secunia.com/product/13690/" } ], "sources": [ { "db": "BID", "id": "81875" }, { "db": "JVNDB", "id": "JVNDB-2007-000218" }, { "db": "PACKETSTORM", "id": "55139" }, { "db": "CNNVD", "id": "CNNVD-200703-433" }, { "db": "NVD", "id": "CVE-2007-1504" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "81875" }, { "db": "JVNDB", "id": "JVNDB-2007-000218" }, { "db": "PACKETSTORM", "id": "55139" }, { "db": "CNNVD", "id": "CNNVD-200703-433" }, { "db": "NVD", "id": "CVE-2007-1504" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-19T00:00:00", "db": "BID", "id": "81875" }, { "date": "2008-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000218" }, { "date": "2007-03-20T02:46:32", "db": "PACKETSTORM", "id": "55139" }, { "date": "2006-06-01T00:00:00", "db": "CNNVD", "id": "CNNVD-200703-433" }, { "date": "2007-03-19T22:19:00", "db": "NVD", "id": "CVE-2007-1504" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-19T00:00:00", "db": "BID", "id": "81875" }, { "date": "2008-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000218" }, { "date": "2007-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-200703-433" }, { "date": "2024-11-21T00:28:28.630000", "db": "NVD", "id": "CVE-2007-1504" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-433" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Interstage Application Server cross-site scripting vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000218" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "55139" }, { "db": "CNNVD", "id": "CNNVD-200703-433" } ], "trust": 0.7 } }
var-200801-0561
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks. The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev. =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3
Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2
Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1
Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)
A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)
It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)
It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)
It was discovered that mod_status, when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)
It was discovered that mod_proxy_balancer was also open to cross-site scripting attacks. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)
It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)
It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz
Size/MD5: 121305 10359a467847b63f8d6603081450fece
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc
Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb
Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 171402 3b7567107864cf36953e7911a4851738
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 172186 85a591ea061cbc727fc261b046781502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 94240 b80027348754c493312269f7410b38fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 285664 76f4879738a0a788414316581ac2010b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 144250 3cd8327429958569a306257da57e8be0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 786052 7bdddb451607eeb2abb9706641675397
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 215932 bee4a6e00371117203647fd3a311658a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 219800 aaf4968deba24912e4981f35a367a086
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 93282 1ae6def788c74750d79055784c0d8006
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 267832 96c149638daeb993250b18c9f4285abf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz
Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc
Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb
Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 145340 109c93408c5197be50960cce80c23b7c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209552 8a23207211e54b138d5a87c15c097908
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 171636 07616e459905bad152a8669c8f670436
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 222022 e37ef7d710800e568d838242d3129725
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 208354 0a571678c269d1da06787dac56567f1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212052 90754ccdcd95e652413426376078d223
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz
Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc
Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 971426 30db1106dfea5106da54d2287c02a380
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 403974 65a11cfaee921517445cf74ed04df701
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434308 2073137bb138dc52bbace666714f4e14
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 343774 880faca3543426734431c29de77c3048
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz
Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc
Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 278032 4f8270cff0a532bd059741b366047da9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 435354 f3557e1a87154424e9144cf672110e93
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8
. The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . Summary
Updated VMware Hosted products address security issues in libpng and the Apache HTTP Server.
- Relevant releases
VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier
- Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any 6.5.3 build 185404 or later
Player 2.5.x any 2.5.3 build 185404 or later
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b. Apache HTTP Server updated to 2.0.63
The new version of ACE updates the Apache HTTP Server on Windows
hosts to version 2.0.63 which addresses multiple security issues
that existed in the previous versions of this server.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any not affected
Player 2.5.x any not affected
ACE 2.5.x Windows 2.5.3 build 185404 or later
ACE 2.5.x Linux update Apache on host system *
Server 2.x any not affected
Server 1.x any not affected
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host. Update the Apache HTTP Server on the host system to version
2.0.63 in order to remediate the vulnerabilities listed above.
- Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e
Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5
Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb
Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542
VMware Player 2.5.3
http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html
Player for Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e
Player for Linux (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b
Player for Linux - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974
Player for Linux - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4
VMware ACE 2.5.3
http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1
VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
- Change log
2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved.
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
Updated Packages:
Mandriva Linux 2007.0: 912f61ea5210fbb94d71eef7bb634903 2007.0/i586/apache-base-2.2.3-1.3mdv2007.0.i586.rpm cb04a945da63abf56db5b444a3360916 2007.0/i586/apache-devel-2.2.3-1.3mdv2007.0.i586.rpm f4c419b30cd6f6520d9c995b9edf7098 2007.0/i586/apache-htcacheclean-2.2.3-1.3mdv2007.0.i586.rpm 1a40e9af24dce5bec34c4264ae1bdce2 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.i586.rpm 333f116f1036dcc4a95612179f7a34bd 2007.0/i586/apache-mod_cache-2.2.3-1.3mdv2007.0.i586.rpm 717feaa8449934514872fde1dfb26ff8 2007.0/i586/apache-mod_dav-2.2.3-1.3mdv2007.0.i586.rpm 15d3661edb2fa693fcc16e890f2b25a1 2007.0/i586/apache-mod_dbd-2.2.3-1.3mdv2007.0.i586.rpm 90bdaeaea54a973f5e813a495d82b14b 2007.0/i586/apache-mod_deflate-2.2.3-1.3mdv2007.0.i586.rpm 52a5ee95962b1153467443fb608eb3d8 2007.0/i586/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.i586.rpm 8a0a950bfe0ce68ca498761e120d05da 2007.0/i586/apache-mod_file_cache-2.2.3-1.3mdv2007.0.i586.rpm 4f6b84375fd94d4467a3e3088de26a80 2007.0/i586/apache-mod_ldap-2.2.3-1.3mdv2007.0.i586.rpm fa98d84669215b56d3f64450af0d0f5d 2007.0/i586/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.i586.rpm 665f988fa0cc99b4b55b01565a2d3075 2007.0/i586/apache-mod_proxy-2.2.3-1.3mdv2007.0.i586.rpm a22e15e33709ec0fff4c453643094031 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.i586.rpm cca659746b2601dc61f8382c64d40206 2007.0/i586/apache-mod_ssl-2.2.3-1.3mdv2007.0.i586.rpm 208d8db690290b848c266593324c2a75 2007.0/i586/apache-mod_userdir-2.2.3-1.3mdv2007.0.i586.rpm 92a1be6ec8e7a0b274666ea7b2c8c47f 2007.0/i586/apache-modules-2.2.3-1.3mdv2007.0.i586.rpm 71670f17ade1c090567f4850c796bdef 2007.0/i586/apache-mpm-prefork-2.2.3-1.3mdv2007.0.i586.rpm dd78ed04d011e11e8872c606d4edfa93 2007.0/i586/apache-mpm-worker-2.2.3-1.3mdv2007.0.i586.rpm eb5785a9e04f14ac7788d43d18c39fcc 2007.0/i586/apache-source-2.2.3-1.3mdv2007.0.i586.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: b25f0ae69e8be8c807afb36a5b58e4a7 2007.0/x86_64/apache-base-2.2.3-1.3mdv2007.0.x86_64.rpm ec93723ef9b7a5e62dc6704461e2b034 2007.0/x86_64/apache-devel-2.2.3-1.3mdv2007.0.x86_64.rpm 200fac36fbd67d6cd1857272aa5147e7 2007.0/x86_64/apache-htcacheclean-2.2.3-1.3mdv2007.0.x86_64.rpm ac7ec3a712d56ce1a076f29439c042d4 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 126f880a37723b316f13f01c612883c5 2007.0/x86_64/apache-mod_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 69460daf3173b6c9f0d9f84c3597d81a 2007.0/x86_64/apache-mod_dav-2.2.3-1.3mdv2007.0.x86_64.rpm 52cf72324ae29121fe2e2c955808791f 2007.0/x86_64/apache-mod_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 17517cc4f69dec1f4ba1c08b242526e4 2007.0/x86_64/apache-mod_deflate-2.2.3-1.3mdv2007.0.x86_64.rpm a5a27827a3f488b9f31a231aad43eae7 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.x86_64.rpm f413791db00e648dc0fae00336340bf0 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 9d74a9b5ff153557cf361ca1726fd9b1 2007.0/x86_64/apache-mod_ldap-2.2.3-1.3mdv2007.0.x86_64.rpm b8fde6545785d79344d5a85b7bd88903 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.x86_64.rpm da3a732c1e41e62207085aefcd0fb99c 2007.0/x86_64/apache-mod_proxy-2.2.3-1.3mdv2007.0.x86_64.rpm df716921b9736859a712dea86b22c3f5 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.x86_64.rpm c69fd37756dbe81df897396e6c6413de 2007.0/x86_64/apache-mod_ssl-2.2.3-1.3mdv2007.0.x86_64.rpm a24b51c168be4a5d57a1d1b5a1401f83 2007.0/x86_64/apache-mod_userdir-2.2.3-1.3mdv2007.0.x86_64.rpm e481d9ceb7ffa6a6299417a6f7874c07 2007.0/x86_64/apache-modules-2.2.3-1.3mdv2007.0.x86_64.rpm 0917c7d2edab62a4c62e4dd6136dec93 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.3mdv2007.0.x86_64.rpm a98b13300b903a0219dc9de626ea1bbe 2007.0/x86_64/apache-mpm-worker-2.2.3-1.3mdv2007.0.x86_64.rpm e83551cd2c8365788b767f90c204a13d 2007.0/x86_64/apache-source-2.2.3-1.3mdv2007.0.x86_64.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.1: cb95db6136cbe28610e3e9baab45abeb 2007.1/i586/apache-base-2.2.4-6.4mdv2007.1.i586.rpm 6f9a4f9e658d51acdb9b8230a3ff8d10 2007.1/i586/apache-devel-2.2.4-6.4mdv2007.1.i586.rpm 71499b6f32722a7af4b664849eac6320 2007.1/i586/apache-htcacheclean-2.2.4-6.4mdv2007.1.i586.rpm 4c747fdb75063c7bb9bd50c0dbc59a5b 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.i586.rpm a3cae606ac80d807f84177c60e8455c8 2007.1/i586/apache-mod_cache-2.2.4-6.4mdv2007.1.i586.rpm 0f518e3f63d47d1c5a8193d95030f52d 2007.1/i586/apache-mod_dav-2.2.4-6.4mdv2007.1.i586.rpm 3ad5c633a0dcc187aad028f48dfb5b92 2007.1/i586/apache-mod_dbd-2.2.4-6.4mdv2007.1.i586.rpm 5fa41f5ac0caecb71c639f78222d8cee 2007.1/i586/apache-mod_deflate-2.2.4-6.4mdv2007.1.i586.rpm 1b4b5d31d1596eaa30987921d0ab07be 2007.1/i586/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.i586.rpm 597eb4248325c05c1fafae90378425d6 2007.1/i586/apache-mod_file_cache-2.2.4-6.4mdv2007.1.i586.rpm f868cb2c42e06ae77fe349c7d31e0958 2007.1/i586/apache-mod_ldap-2.2.4-6.4mdv2007.1.i586.rpm a8696226c9930799d1fbad199c5e7084 2007.1/i586/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.i586.rpm 2b62f69a3f58f1c572cbd8e961c11043 2007.1/i586/apache-mod_proxy-2.2.4-6.4mdv2007.1.i586.rpm bea2a28dc594b5fb8ef0591a7bb91714 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.i586.rpm 9719faa4845deef9dc95f4ceeefce0e6 2007.1/i586/apache-mod_ssl-2.2.4-6.4mdv2007.1.i586.rpm 938e503476cac7f68b57322494e8f471 2007.1/i586/apache-mod_userdir-2.2.4-6.4mdv2007.1.i586.rpm cd01ff99ebacfe90c317d253d7ac11c4 2007.1/i586/apache-modules-2.2.4-6.4mdv2007.1.i586.rpm 5d830472142486b008e84851f5befdf9 2007.1/i586/apache-mpm-event-2.2.4-6.4mdv2007.1.i586.rpm 48ec7cbe8edbd745cc8446f2d274d8b7 2007.1/i586/apache-mpm-itk-2.2.4-6.4mdv2007.1.i586.rpm ada3666e18e2c49eb4849afbdad60f75 2007.1/i586/apache-mpm-prefork-2.2.4-6.4mdv2007.1.i586.rpm 7830123c1e76e8d02ca0a140c2b5f6c6 2007.1/i586/apache-mpm-worker-2.2.4-6.4mdv2007.1.i586.rpm 6498cc5113689f513cbdcfae0a2a3ad4 
2007.1/i586/apache-source-2.2.4-6.4mdv2007.1.i586.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 839816f464191d3aff0882eac70cea40 2007.1/x86_64/apache-base-2.2.4-6.4mdv2007.1.x86_64.rpm ac4910f34cbf168df34cd123604b044b 2007.1/x86_64/apache-devel-2.2.4-6.4mdv2007.1.x86_64.rpm a4b4f9d518ed8621348527938f6a8230 2007.1/x86_64/apache-htcacheclean-2.2.4-6.4mdv2007.1.x86_64.rpm d554aa06a52bd72e20f035beedd50dcf 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 68659f413d0b1102c220b1b4824489b6 2007.1/x86_64/apache-mod_cache-2.2.4-6.4mdv2007.1.x86_64.rpm d92ec9a9deb7d188e644075a18951ae6 2007.1/x86_64/apache-mod_dav-2.2.4-6.4mdv2007.1.x86_64.rpm 07b06f6de52f0f107106cead6f47de2c 2007.1/x86_64/apache-mod_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 6bf077871aa95d08c934eacac7f1291e 2007.1/x86_64/apache-mod_deflate-2.2.4-6.4mdv2007.1.x86_64.rpm b16f793759b09e75b7e162a5d858d835 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 635452cc08657fa5da5b65dc40bf2c1b 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 7a238972b773975493d8931d573233ec 2007.1/x86_64/apache-mod_ldap-2.2.4-6.4mdv2007.1.x86_64.rpm 46704ca76800a5b967a4dd6e8efef986 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 3c23cff577f9697b719c90918ef91b44 2007.1/x86_64/apache-mod_proxy-2.2.4-6.4mdv2007.1.x86_64.rpm c4ea096a86cdab894cb59bb868b849f0 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.x86_64.rpm 01f40dde7c3c93606c82681af472815f 2007.1/x86_64/apache-mod_ssl-2.2.4-6.4mdv2007.1.x86_64.rpm 9ade922fc7d52d73a47ca5f3cb2c7525 2007.1/x86_64/apache-mod_userdir-2.2.4-6.4mdv2007.1.x86_64.rpm 5e7e44ef5703f1e4fe5a952e5a3f5239 2007.1/x86_64/apache-modules-2.2.4-6.4mdv2007.1.x86_64.rpm e1b06e559e600461e19f9ab0f21d94be 2007.1/x86_64/apache-mpm-event-2.2.4-6.4mdv2007.1.x86_64.rpm 9903bcc1c12a86a9c2f9483d0ef9685e 2007.1/x86_64/apache-mpm-itk-2.2.4-6.4mdv2007.1.x86_64.rpm ce244cc42b6c411d2e3264c6ac6e1a76 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.4mdv2007.1.x86_64.rpm 5989a935f4a0e20ac2844982e81cda83 
2007.1/x86_64/apache-mpm-worker-2.2.4-6.4mdv2007.1.x86_64.rpm 339fccde52210eca1bf7e3cf05b9ce0e 2007.1/x86_64/apache-source-2.2.4-6.4mdv2007.1.x86_64.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm
Mandriva Linux 2008.0: cb013d3f4f40e2dfe6a90e0a2a7cdd74 2008.0/i586/apache-base-2.2.6-8.1mdv2008.0.i586.rpm f2e8d6e8191794fac34ddc7fc0f38588 2008.0/i586/apache-devel-2.2.6-8.1mdv2008.0.i586.rpm 8456184db4de115db70e603dbe252456 2008.0/i586/apache-htcacheclean-2.2.6-8.1mdv2008.0.i586.rpm 9e8861daffdf9d6b0ab431b1c3c1fac9 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.i586.rpm de1f407b2eb4d84140686375d3497006 2008.0/i586/apache-mod_cache-2.2.6-8.1mdv2008.0.i586.rpm eaf010272f97a507f37a6145bb9de809 2008.0/i586/apache-mod_dav-2.2.6-8.1mdv2008.0.i586.rpm 4d1073009151607b47ffcedc96cdb834 2008.0/i586/apache-mod_dbd-2.2.6-8.1mdv2008.0.i586.rpm cfc6f2958ef8d117d1070e422078cdfa 2008.0/i586/apache-mod_deflate-2.2.6-8.1mdv2008.0.i586.rpm 3c423e687c0afc1b224e6535e16ec279 2008.0/i586/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.i586.rpm ef790e64feeaf1a9ee5c58fd7e3b359d 2008.0/i586/apache-mod_file_cache-2.2.6-8.1mdv2008.0.i586.rpm 8f86f4c499dfa14fb2daf4f8b578e150 2008.0/i586/apache-mod_ldap-2.2.6-8.1mdv2008.0.i586.rpm 21b1fc690f38b779ee79bed31c5fa3a2 2008.0/i586/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.i586.rpm 0ec954d20d7a080cc9a19c2146480897 2008.0/i586/apache-mod_proxy-2.2.6-8.1mdv2008.0.i586.rpm 50a87c9099f0c094c9fbb763e334fae9 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.i586.rpm 9d4e1c4a6614e70b77cd2e03e3baeaea 2008.0/i586/apache-mod_ssl-2.2.6-8.1mdv2008.0.i586.rpm 29346499f10a850f8011191b0d242709 2008.0/i586/apache-mod_userdir-2.2.6-8.1mdv2008.0.i586.rpm 21c5bc6f2861cc532c8b5dae3f3e1ee2 2008.0/i586/apache-modules-2.2.6-8.1mdv2008.0.i586.rpm 944b6d2f395f4d26deeef93f9ce55c5b 2008.0/i586/apache-mpm-event-2.2.6-8.1mdv2008.0.i586.rpm 0fc46d4eae684b21a9a98a6c876960b3 2008.0/i586/apache-mpm-itk-2.2.6-8.1mdv2008.0.i586.rpm ab00a26cd43e9045e66da620e9678412 2008.0/i586/apache-mpm-prefork-2.2.6-8.1mdv2008.0.i586.rpm 785499e86b70da53c76a7d3321da1b30 2008.0/i586/apache-mpm-worker-2.2.6-8.1mdv2008.0.i586.rpm c1ccaf747ebe4bd71f875f70c969d4e7 
2008.0/i586/apache-source-2.2.6-8.1mdv2008.0.i586.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 56b868f5c7a86b68666af13fe2a5c925 2008.0/x86_64/apache-base-2.2.6-8.1mdv2008.0.x86_64.rpm 16ca885969a1bd9d7f6d4a00a7c33095 2008.0/x86_64/apache-devel-2.2.6-8.1mdv2008.0.x86_64.rpm 76bcdbe509c56ec471ff767f5f7f925f 2008.0/x86_64/apache-htcacheclean-2.2.6-8.1mdv2008.0.x86_64.rpm 36fc978398d6b8f406f0913ecac5576e 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm d6644c5729325e3a0f7bda5ffe12523c 2008.0/x86_64/apache-mod_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 98e86f62995310727dc7b7343776c948 2008.0/x86_64/apache-mod_dav-2.2.6-8.1mdv2008.0.x86_64.rpm 7aa7da7cb9fc4f29071535620de42023 2008.0/x86_64/apache-mod_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm 8cb681d914e9619adf261dca86154538 2008.0/x86_64/apache-mod_deflate-2.2.6-8.1mdv2008.0.x86_64.rpm 1ebc35b8050495230d6809f97dd89731 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 7db7d64521dc4253edc59645e79a5e57 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 5624b75d6d1eb311e6332c6a7e10e42f 2008.0/x86_64/apache-mod_ldap-2.2.6-8.1mdv2008.0.x86_64.rpm e7049015c893a5a75d0c4bbc68e18615 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 910e8bcb28e00501ebd39aa9c30e3cad 2008.0/x86_64/apache-mod_proxy-2.2.6-8.1mdv2008.0.x86_64.rpm 2451f7726434398f715bac328422faa8 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.x86_64.rpm c6a102776378eecfbe64f87d2a4f261b 2008.0/x86_64/apache-mod_ssl-2.2.6-8.1mdv2008.0.x86_64.rpm 27a79220cf963ba1dfe6f17d6e66d3f5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.1mdv2008.0.x86_64.rpm e87a2f8d0e8cf23fe0cc3a7a44195f68 2008.0/x86_64/apache-modules-2.2.6-8.1mdv2008.0.x86_64.rpm 6224d03ea5169e71fd588ddff0b95f16 2008.0/x86_64/apache-mpm-event-2.2.6-8.1mdv2008.0.x86_64.rpm e61bcd69bd997a5cddacc2f58dd1f1b9 2008.0/x86_64/apache-mpm-itk-2.2.6-8.1mdv2008.0.x86_64.rpm 304a7257ba0104bb799c3ab6a09cb977 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.1mdv2008.0.x86_64.rpm d19f57238828efc73f24ff69c1dca341 
2008.0/x86_64/apache-mpm-worker-2.2.6-8.1mdv2008.0.x86_64.rpm e72351edf865715beac70996ca1ea09b 2008.0/x86_64/apache-source-2.2.6-8.1mdv2008.0.x86_64.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm
Corporate 4.0: 0c36f90139943f6564058fb6c9a0028c corporate/4.0/i586/apache-base-2.2.3-1.3.20060mlcs4.i586.rpm 2c23db7c0c820a6d05cf9e89e10d437b corporate/4.0/i586/apache-devel-2.2.3-1.3.20060mlcs4.i586.rpm 6729c4c238ea40547ca8ad4ad34fac39 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.3.20060mlcs4.i586.rpm 8c6b35f7192abf90e6af6a07c27099d0 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 6f3ae30580187b440261747c0f975ec6 corporate/4.0/i586/apache-mod_cache-2.2.3-1.3.20060mlcs4.i586.rpm 56dd118e6e37165e6638baab4e58d08e corporate/4.0/i586/apache-mod_dav-2.2.3-1.3.20060mlcs4.i586.rpm 6e3512489622cf59e0f32458d943f65b corporate/4.0/i586/apache-mod_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 7946432730bdac3ec21ca376f8f8ca12 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.3.20060mlcs4.i586.rpm eeac05dfe0a57512de566f6a2e1e105e corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.i586.rpm b50af44b3084fcff0bc6cff1ac50023f corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.i586.rpm a92816a879182cbca50ebace4bb5f193 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.3.20060mlcs4.i586.rpm 2ca6a18de738a817cb346f1eb31bf76a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.i586.rpm b984ff19a2458f844f62be84635060d1 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.3.20060mlcs4.i586.rpm b816b9c09345b92da5a0216f5e9db932 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.i586.rpm 240fb4ea33d91846fc083def26b19465 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.3.20060mlcs4.i586.rpm afcda5d86a48edba71a81a8fda0d0f75 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.3.20060mlcs4.i586.rpm 76705f36eb869b9a1520df0c09a7d1e9 corporate/4.0/i586/apache-modules-2.2.3-1.3.20060mlcs4.i586.rpm eb5bc900fa99aab700c29af7978ca44f corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.i586.rpm 57a7cb6d3fc97eca6c46685f606a3618 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.3.20060mlcs4.i586.rpm 804752d26fd2db2088cbc73ee9aee8f5 
corporate/4.0/i586/apache-source-2.2.3-1.3.20060mlcs4.i586.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 74d411bb422230857a8971a9ce428c0e corporate/4.0/x86_64/apache-base-2.2.3-1.3.20060mlcs4.x86_64.rpm 5ede29fb5e502fdc96dbb4722b69bb26 corporate/4.0/x86_64/apache-devel-2.2.3-1.3.20060mlcs4.x86_64.rpm dcecf6dece1ec0c083f924b8e545b864 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.3.20060mlcs4.x86_64.rpm b7bf0d94f575d6e1e42296b69e5d056b corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 6718af7bd108e06d8e6be0046473ce69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm fce075627de036b3d71a93ceafa6105e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.3.20060mlcs4.x86_64.rpm 973a484aed44fd0281c34a0227131400 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 359ad6bfc294b82d14788ea3f2fb5b1f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.3.20060mlcs4.x86_64.rpm ce014700683860f81922680ab29d335b corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm b918e9b9eeb06303a8b3f26f63666f74 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm 969c3cf38987f91d576de441e5781b5d corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.3.20060mlcs4.x86_64.rpm e3c4128b336c45e9470e57a1439cead9 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm e6c07bd0bed38660852db97807e0b3dd corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.3.20060mlcs4.x86_64.rpm d6b2621b48abe4c74ecd5e24e7c3c9f9 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.x86_64.rpm 166b443903e18e77afee950f368ae763 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.3.20060mlcs4.x86_64.rpm bcbd01a168655d57ad7dcbf424b4d91a corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.3.20060mlcs4.x86_64.rpm 3723d163f681e478e677c75a286f352e corporate/4.0/x86_64/apache-modules-2.2.3-1.3.20060mlcs4.x86_64.rpm f17cbd7d765045b30dd43f62efb7cfd3 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.x86_64.rpm 6e704ce4a8ab0b5817273af16b997ea2 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.3.20060mlcs4.x86_64.rpm 
f35f2e3795dba910451ac03ec63f8898 corporate/4.0/x86_64/apache-source-2.2.3-1.3.20060mlcs4.x86_64.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.
Kit Name Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01607570 Version: 1
HPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-11-19 Last Updated: 2008-11-19
Potential Security Impact: Remote cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
References: CVE-2007-6388, CVE-2007-5000
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, and Solaris
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made patches available to resolve the vulnerabilities.
The patches are available from http://itrc.hp.com
OV NNM v7.53
Operating_System - HP-UX (IA) Resolved in Patch - PHSS_38148 or subsequent
Operating_System - HP-UX (PA) Resolved in Patch - PHSS_38147 or subsequent
Operating_System - Linux RedHatAS2.1 Resolved in Patch - LXOV_00085 or subsequent
Operating_System - Linux RedHat4AS-x86_64 Resolved in Patch - LXOV_00086 or subsequent
Operating_System - Solaris Resolved in Patch - PSOV_03514 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and install the patches listed above.
OV NNM v7.01
Operating_System - HP-UX (PA) Resolved in Patch - PHSS_38761 or subsequent
Operating_System - Solaris Resolved in Patch - PSOV_03516 or subsequent
MANUAL ACTIONS: Yes - NonUpdate Apply the appropriate file as described in the Resolution.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) ============= OVNNMgr.OVNNM-RUN action: install PHSS_38148 or subsequent URL: http://itrc.hp.com
HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: install PHSS_38147 or subsequent URL: http://itrc.hp.com
For HP-UX OV NNM 7.51 HP-UX B.11.31 HP-UX B.11.23 HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: upgrade NNM v7.51 to NNM v7.53 and apply the appropriate patches
For HP-UX OV NNM 7.01 HP-UX B.11.00 HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: install PHSS_38761 or subsequent URL: http://itrc.hp.com
END AFFECTED VERSIONS (for HP-UX)
HISTORY Version:1 (rev.1) - 19 November 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
© Copyright 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBSSQhVOAfOvwtKn1ZEQIlVQCg4n4fABzC24c9qQ5gz68oPLMVKI0AoMbs A2UIaH3YB7z+o42Tm7Eg7ahn =lskD -----END PGP SIGNATURE----- . The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined. A HTML page is presented that gives the current server statistics in an easily readable form. If required this page can be made to automatically refresh (given a compatible browser). Another page gives a simple machine-readable list of the current server state."
- --- 1. Apache Refresh Header - Open Redirector (XSS) Vulnerability ---
Because Apache mod_status does not filter the character ";", a new URL can be injected. This gives an attacker an open redirector and can lead to phishing attacks. An attacker can also create a more advanced method to trigger XSS in the victim's browser. Exploit ---
SecurityReason is not going to release an exploit to the general public. The exploit was provided and tested for the Apache Team. References ---
A Refreshing Look at Redirection : http://www.securityfocus.com/archive/1/450418 by Amit Klein
- --- 5. Greets ---
For: Maksymilian Arciemowicz ( cXIb8O3 ), Infospec, pi3, p_e_a, mpp
- --- 6. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.2 or earlier
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200801-0561", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "http server", "scope": "lte", "trust": 1.8, "vendor": "apache", "version": "1.3.39" }, { "model": "http server", "scope": "lte", "trust": 1.8, "vendor": "apache", "version": "2.0.61" }, { "model": "http server", "scope": "lte", "trust": 1.8, "vendor": "apache", "version": "2.2.6" }, { 
"model": "http server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "1.3.28.1" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.35" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "1.3.2" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "http server", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "2.0.47.1" }, { "model": "http server", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.0.2.27" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.2" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun 
microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "1.0 (hosting)" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "1.0 (workgroup)" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "2.0" }, { "model": "turbolinux fuji", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "turbolinux multimedia", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "turbolinux personal", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10 (x64)" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "11" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "11 (x64)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { 
"model": "application stack", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "v1 for enterprise linux as (v.4)" }, { "model": "application stack", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "v1 for enterprise linux es (v.4)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "linux advanced workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 
6" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus server - enterprise edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus server - standard edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus server - standard edition version 4", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus server - web edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus server - web edition version 4", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, 
"vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.4" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.60" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.3" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.2" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.59" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.6" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.5" }, { "model": "http server", "scope": "eq", "trust": 0.6, 
"vendor": "apache", "version": "2.0.61" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.1" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.49" }, { "model": "2.2.5-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "openvms secure web server", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.35" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", 
"version": "6.0" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "11x64" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "2.2.7-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.0" }, { "model": "-dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.56" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "9.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.5" }, { "model": "network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)4.2" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, 
"vendor": "apache", "version": "1.3.34" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.28" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.1x86" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.39" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "-dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.7" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.2" }, { "model": "personal", "scope": null, "trust": 0.3, "vendor": "turbolinux", "version": null }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "networks self-service peri application", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "appliance server hosting edition", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "1.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.51" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "networks self-service wvads", "scope": 
"eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "-dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.35" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "advanced workstation for the itanium processor", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.35" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.22" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "novell linux desktop sdk", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.9" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, 
"vendor": "redhat", "version": "5" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "2.2.6-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "1.3.40-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "enterprise linux ws ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "messaging storage server mm3.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.43" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "apache", "scope": "eq", "trust": 
0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "openview network node manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.51" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.55" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "solaris 8 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.20" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "appliance server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "2.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.26" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.25" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.37" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "openview network node manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.53" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "apache", "scope": "eq", "trust": 
0.3, "vendor": "apache", "version": "1.3.14" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.1" }, { "model": "hardware management console for pseries r1.3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.33" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.11" }, { "model": "network proxy (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)4.2" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "8.1" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.0" }, { "model": "networks self-service speech server", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "fuji", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "websphere application server", "scope": "ne", 
"trust": 0.3, "vendor": "ibm", "version": "6.1.17" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.36" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "9.1" }, { "model": "hardware management console for iseries r1.3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "application stack for enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v14" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3)4.2" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "appliance server workgroup edition", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "1.0" }, { "model": "openview network node manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.01" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.1" }, { "model": "advanced workstation for the itanium processor ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", 
"version": "2.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "solaris 8 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.12" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.47.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.38" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "appliance platform linux service", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.47" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "2.0.61-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", 
"version": "2.0.46" }, { "model": "2.0.62-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "networks self-service peri workstation", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.44" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.24" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.0.63" }, { "model": "enterprise linux as ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.40" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "application stack for enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v14" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "voice portal", "scope": "eq", 
"trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.23" }, { "model": "network proxy (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)5.0" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "business availability center", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.01" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1-1" }, { "model": "message networking mn", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.39" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "fedora", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.19" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.18" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "openvms secure web server", "scope": "eq", 
"trust": 0.3, "vendor": "hp", "version": "1.2" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.27" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "network proxy (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3)4.2" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "networks self-service web centric ccxml", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": null }, { "model": "networks self service voicexml", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.58" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.54" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "enterprise linux desktop 
workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.42" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.1-1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.37" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.36" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "suse", 
"version": "10.1x86-64" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.32" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.41" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.29" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.6" }, { "model": "2.0.60-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0.0x64" }, { "model": "networks self-service media processing server", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.17" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "enterprise linux es ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "1.3.41" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "mac os", "scope": 
"eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "multimedia", "scope": null, "trust": 0.3, "vendor": "turbolinux", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.31" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" } ], "sources": [ { "db": "BID", "id": "27237" }, { "db": "JVNDB", "id": "JVNDB-2008-001001" }, { "db": "CNNVD", "id": "CNNVD-200801-095" }, { "db": "NVD", "id": "CVE-2007-6388" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_application_stack", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": 
"cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_standard_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_web_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform", 
"vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001001" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "sp3x is credited with the discovery of this vulnerability.", "sources": [ { "db": "BID", "id": "27237" }, { "db": "CNNVD", "id": "CNNVD-200801-095" } ], "trust": 0.9 }, "cve": "CVE-2007-6388", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 
4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2007-6388", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-6388", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2007-6388", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200801-095", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2007-6388", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-6388" }, { "db": "JVNDB", "id": "JVNDB-2008-001001" }, { "db": "CNNVD", "id": "CNNVD-200801-095" }, { "db": "NVD", "id": "CVE-2007-6388" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users\u0027 browsers to arbitrary locations, which may aid in phishing attacks. \nThe issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev. 
=========================================================== \nUbuntu Security Notice USN-575-1 February 04, 2008\napache2 vulnerabilities\nCVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000,\nCVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\nUbuntu 7.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-mpm-perchild 2.0.55-4ubuntu2.3\n apache2-mpm-prefork 2.0.55-4ubuntu2.3\n apache2-mpm-worker 2.0.55-4ubuntu2.3\n\nUbuntu 6.10:\n apache2-mpm-perchild 2.0.55-4ubuntu4.2\n apache2-mpm-prefork 2.0.55-4ubuntu4.2\n apache2-mpm-worker 2.0.55-4ubuntu4.2\n\nUbuntu 7.04:\n apache2-mpm-event 2.2.3-3.2ubuntu2.1\n apache2-mpm-perchild 2.2.3-3.2ubuntu2.1\n apache2-mpm-prefork 2.2.3-3.2ubuntu2.1\n apache2-mpm-worker 2.2.3-3.2ubuntu2.1\n\nUbuntu 7.10:\n apache2-mpm-event 2.2.4-3ubuntu0.1\n apache2-mpm-perchild 2.2.4-3ubuntu0.1\n apache2-mpm-prefork 2.2.4-3ubuntu0.1\n apache2-mpm-worker 2.2.4-3ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that Apache did not sanitize the Expect header from\nan HTTP request when it is reflected back in an error message, which\ncould result in browsers becoming vulnerable to cross-site scripting\nattacks when processing the output. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data (such as passwords),\nwithin the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)\n\n
A remote\nattacker could send Apache crafted date headers and cause a denial of\nservice via application crash. By default, mod_proxy is disabled in\nUbuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a\ncharacter set, which could result in browsers becoming vulnerable\nto cross-site scripting attacks when processing the output. By\ndefault, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status, when status pages were available,\nallowed for cross-site scripting attacks. By default, mod_status is\ndisabled in Ubuntu. (CVE-2007-6388)\n\nBy default,\nmod_proxy_balancer is disabled in Ubuntu. This was only vulnerable\nin Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to\ndereference a NULL pointer. A remote attacker could send a crafted\nrequest and cause a denial of service via application crash. By\ndefault, mod_proxy_balancer is disabled in Ubuntu. This was only\nvulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_ftp is disabled in Ubuntu. 
(CVE-2008-0005)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz\n Size/MD5: 121305 10359a467847b63f8d6603081450fece\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc\n Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb\n Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 171402 3b7567107864cf36953e7911a4851738\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 172186 85a591ea061cbc727fc261b046781502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 94240 b80027348754c493312269f7410b38fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 285664 76f4879738a0a788414316581ac2010b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 144250 3cd8327429958569a306257da57e8be0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 786052 7bdddb451607eeb2abb9706641675397\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 215932 bee4a6e00371117203647fd3a311658a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 219800 aaf4968deba24912e4981f35a367a086\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb\n 
Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 93282 1ae6def788c74750d79055784c0d8006\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 267832 96c149638daeb993250b18c9f4285abf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz\n Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc\n Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb\n Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 145340 109c93408c5197be50960cce80c23b7c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209552 
8a23207211e54b138d5a87c15c097908\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 171636 07616e459905bad152a8669c8f670436\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 222022 e37ef7d710800e568d838242d3129725\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 208354 0a571678c269d1da06787dac56567f1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212052 90754ccdcd95e652413426376078d223\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 268776 
5b157a4dd55f533a610bc6c111e9d414\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz\n Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc\n Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 971426 30db1106dfea5106da54d2287c02a380\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 403974 65a11cfaee921517445cf74ed04df701\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434308 2073137bb138dc52bbace666714f4e14\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 343774 880faca3543426734431c29de77c3048\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz\n Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc\n Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz\n Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 278032 4f8270cff0a532bd059741b366047da9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 347444 
63413a914cb4546704032ab8f7f16a80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 435354 f3557e1a87154424e9144cf672110e93\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8\n\n. The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . Summary\n\n Updated VMware Hosted products address security issues in libpng and\n the Apache HTTP Server. \n\n2. Relevant releases\n\n VMware Workstation 6.5.2 and earlier,\n VMware Player 2.5.2 and earlier,\n VMware ACE 2.5.2 and earlier\n\n3. 
Problem Description\n\n a. Third Party Library libpng Updated to 1.2.35\n\n Several flaws were discovered in the way third party library libpng\n handled uninitialized pointers. An attacker could create a PNG image\n file in such a way, that when loaded by an application linked to\n libpng, it could cause the application to crash or execute arbitrary\n code at the privilege level of the user that runs the application. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0040 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any 6.5.3 build 185404 or later\n\n Player 2.5.x any 2.5.3 build 185404 or later\n\n ACE 2.5.x any 2.5.3 build 185404 or later\n\n Server 2.x any patch pending\n Server 1.x any patch pending\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected *\n\n * The libpng update for the Service Console of ESX 2.5.5 is\n documented in VMSA-2009-0007. \n\n b. Apache HTTP Server updated to 2.0.63\n\n The new version of ACE updates the Apache HTTP Server on Windows\n hosts to version 2.0.63 which addresses multiple security issues\n that existed in the previous versions of this server. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,\n CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the\n issues that have been addressed by this update. 
\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any not affected\n\n Player 2.5.x any not affected\n\n ACE 2.5.x Windows 2.5.3 build 185404 or later\n ACE 2.5.x Linux update Apache on host system *\n\n Server 2.x any not affected\n Server 1.x any not affected\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n * The Apache HTTP Server is not part of an ACE install on a Linux\n host. Update the Apache HTTP Server on the host system to version\n 2.0.63 in order to remediate the vulnerabilities listed above. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. 
\n\n VMware Workstation 6.5.3\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html\n\n For Windows\n\n Workstation for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 7565d16b7d7e0173b90c3b76ca4656bc\n sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1\n\n For Linux\n\n Workstation for Linux 32-bit\n Linux 32-bit .rpm\n md5sum: 4d55c491bd008ded0ea19f373d1d1fd4\n sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e\n\n Workstation for Linux 32-bit\n Linux 32-bit .bundle\n md5sum: d4a721c1918c0e8a87c6fa4bad49ad35\n sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5\n\n Workstation for Linux 64-bit\n Linux 64-bit .rpm\n md5sum: 72adfdb03de4959f044fcb983412ae7c\n sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb\n\n Workstation for Linux 64-bit\n Linux 64-bit .bundle\n md5sum: 83e1f0c94d6974286256c4d3b559e854\n sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542\n\n\n VMware Player 2.5.3\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n http://www.vmware.com/support/player25/doc/releasenotes_player253.html\n\n Player for Windows binary\n\nhttp://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe\n md5sum: fe28f193374c9457752ee16cd6cad4e7\n sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04\n\n Player for Linux (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm\n md5sum: c99cd65f19fdfc7651bcb7f328b73bc2\n sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e\n\n Player for Linux (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle\n md5sum: 210f4cb5615bd3b2171bc054b9b2bac5\n sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b\n\n Player for Linux - 64-bit (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm\n md5sum: f91576ef90b322d83225117ae9335968\n sha1sum: 
f492fa9cf26ee2818f164aac04cde1680c25d974\n\n Player for Linux - 64-bit (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle\n md5sum: 595d44d7945c129b1aeb679d2f001b05\n sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4\n\n\n VMware ACE 2.5.3\n ----------------\n http://www.vmware.com/download/ace/\n Release notes:\n http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html\n\n ACE Management Server Virtual Appliance\n AMS Virtual Appliance .zip\n md5sum: 44cc7b86353047f02cf6ea0653e38418\n sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1\n\n VMware ACE for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for Windows\n Windows .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for SUSE Enterprise Linux 9\n SLES 9 .rpm\n md5sum: a4fc92d7197f0d569361cdf4b8cca642\n sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75\n\n ACE Management Server for Red Hat Enterprise Linux 4\n RHEL 4 .rpm\n md5sum: 841005151338c8b954f08d035815fd58\n sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e\n\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n\n- ------------------------------------------------------------------------\n6. 
Change log\n\n2009-08-20 VMSA-2009-0010\nInitial security advisory after release of Workstation 6.5.3,\nPlayer 2.5.3, and ACE 2.5.3 on 2009-08-20. \n\n\n- ------------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. \n \n The updated packages have been patched to correct these issues. 
\n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 912f61ea5210fbb94d71eef7bb634903 2007.0/i586/apache-base-2.2.3-1.3mdv2007.0.i586.rpm\n cb04a945da63abf56db5b444a3360916 2007.0/i586/apache-devel-2.2.3-1.3mdv2007.0.i586.rpm\n f4c419b30cd6f6520d9c995b9edf7098 2007.0/i586/apache-htcacheclean-2.2.3-1.3mdv2007.0.i586.rpm\n 1a40e9af24dce5bec34c4264ae1bdce2 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.i586.rpm\n 333f116f1036dcc4a95612179f7a34bd 2007.0/i586/apache-mod_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 717feaa8449934514872fde1dfb26ff8 2007.0/i586/apache-mod_dav-2.2.3-1.3mdv2007.0.i586.rpm\n 15d3661edb2fa693fcc16e890f2b25a1 2007.0/i586/apache-mod_dbd-2.2.3-1.3mdv2007.0.i586.rpm\n 90bdaeaea54a973f5e813a495d82b14b 2007.0/i586/apache-mod_deflate-2.2.3-1.3mdv2007.0.i586.rpm\n 52a5ee95962b1153467443fb608eb3d8 2007.0/i586/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 8a0a950bfe0ce68ca498761e120d05da 2007.0/i586/apache-mod_file_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 4f6b84375fd94d4467a3e3088de26a80 2007.0/i586/apache-mod_ldap-2.2.3-1.3mdv2007.0.i586.rpm\n fa98d84669215b56d3f64450af0d0f5d 2007.0/i586/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 665f988fa0cc99b4b55b01565a2d3075 2007.0/i586/apache-mod_proxy-2.2.3-1.3mdv2007.0.i586.rpm\n a22e15e33709ec0fff4c453643094031 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.i586.rpm\n cca659746b2601dc61f8382c64d40206 2007.0/i586/apache-mod_ssl-2.2.3-1.3mdv2007.0.i586.rpm\n 208d8db690290b848c266593324c2a75 
2007.0/i586/apache-mod_userdir-2.2.3-1.3mdv2007.0.i586.rpm\n 92a1be6ec8e7a0b274666ea7b2c8c47f 2007.0/i586/apache-modules-2.2.3-1.3mdv2007.0.i586.rpm\n 71670f17ade1c090567f4850c796bdef 2007.0/i586/apache-mpm-prefork-2.2.3-1.3mdv2007.0.i586.rpm\n dd78ed04d011e11e8872c606d4edfa93 2007.0/i586/apache-mpm-worker-2.2.3-1.3mdv2007.0.i586.rpm\n eb5785a9e04f14ac7788d43d18c39fcc 2007.0/i586/apache-source-2.2.3-1.3mdv2007.0.i586.rpm \n f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n b25f0ae69e8be8c807afb36a5b58e4a7 2007.0/x86_64/apache-base-2.2.3-1.3mdv2007.0.x86_64.rpm\n ec93723ef9b7a5e62dc6704461e2b034 2007.0/x86_64/apache-devel-2.2.3-1.3mdv2007.0.x86_64.rpm\n 200fac36fbd67d6cd1857272aa5147e7 2007.0/x86_64/apache-htcacheclean-2.2.3-1.3mdv2007.0.x86_64.rpm\n ac7ec3a712d56ce1a076f29439c042d4 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm\n 126f880a37723b316f13f01c612883c5 2007.0/x86_64/apache-mod_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n 69460daf3173b6c9f0d9f84c3597d81a 2007.0/x86_64/apache-mod_dav-2.2.3-1.3mdv2007.0.x86_64.rpm\n 52cf72324ae29121fe2e2c955808791f 2007.0/x86_64/apache-mod_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm\n 17517cc4f69dec1f4ba1c08b242526e4 2007.0/x86_64/apache-mod_deflate-2.2.3-1.3mdv2007.0.x86_64.rpm\n a5a27827a3f488b9f31a231aad43eae7 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n f413791db00e648dc0fae00336340bf0 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n 9d74a9b5ff153557cf361ca1726fd9b1 2007.0/x86_64/apache-mod_ldap-2.2.3-1.3mdv2007.0.x86_64.rpm\n b8fde6545785d79344d5a85b7bd88903 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n da3a732c1e41e62207085aefcd0fb99c 2007.0/x86_64/apache-mod_proxy-2.2.3-1.3mdv2007.0.x86_64.rpm\n df716921b9736859a712dea86b22c3f5 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.x86_64.rpm\n c69fd37756dbe81df897396e6c6413de 2007.0/x86_64/apache-mod_ssl-2.2.3-1.3mdv2007.0.x86_64.rpm\n 
a24b51c168be4a5d57a1d1b5a1401f83 2007.0/x86_64/apache-mod_userdir-2.2.3-1.3mdv2007.0.x86_64.rpm\n e481d9ceb7ffa6a6299417a6f7874c07 2007.0/x86_64/apache-modules-2.2.3-1.3mdv2007.0.x86_64.rpm\n 0917c7d2edab62a4c62e4dd6136dec93 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.3mdv2007.0.x86_64.rpm\n a98b13300b903a0219dc9de626ea1bbe 2007.0/x86_64/apache-mpm-worker-2.2.3-1.3mdv2007.0.x86_64.rpm\n e83551cd2c8365788b767f90c204a13d 2007.0/x86_64/apache-source-2.2.3-1.3mdv2007.0.x86_64.rpm \n f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n cb95db6136cbe28610e3e9baab45abeb 2007.1/i586/apache-base-2.2.4-6.4mdv2007.1.i586.rpm\n 6f9a4f9e658d51acdb9b8230a3ff8d10 2007.1/i586/apache-devel-2.2.4-6.4mdv2007.1.i586.rpm\n 71499b6f32722a7af4b664849eac6320 2007.1/i586/apache-htcacheclean-2.2.4-6.4mdv2007.1.i586.rpm\n 4c747fdb75063c7bb9bd50c0dbc59a5b 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.i586.rpm\n a3cae606ac80d807f84177c60e8455c8 2007.1/i586/apache-mod_cache-2.2.4-6.4mdv2007.1.i586.rpm\n 0f518e3f63d47d1c5a8193d95030f52d 2007.1/i586/apache-mod_dav-2.2.4-6.4mdv2007.1.i586.rpm\n 3ad5c633a0dcc187aad028f48dfb5b92 2007.1/i586/apache-mod_dbd-2.2.4-6.4mdv2007.1.i586.rpm\n 5fa41f5ac0caecb71c639f78222d8cee 2007.1/i586/apache-mod_deflate-2.2.4-6.4mdv2007.1.i586.rpm\n 1b4b5d31d1596eaa30987921d0ab07be 2007.1/i586/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.i586.rpm\n 597eb4248325c05c1fafae90378425d6 2007.1/i586/apache-mod_file_cache-2.2.4-6.4mdv2007.1.i586.rpm\n f868cb2c42e06ae77fe349c7d31e0958 2007.1/i586/apache-mod_ldap-2.2.4-6.4mdv2007.1.i586.rpm\n a8696226c9930799d1fbad199c5e7084 2007.1/i586/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.i586.rpm\n 2b62f69a3f58f1c572cbd8e961c11043 2007.1/i586/apache-mod_proxy-2.2.4-6.4mdv2007.1.i586.rpm\n bea2a28dc594b5fb8ef0591a7bb91714 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.i586.rpm\n 9719faa4845deef9dc95f4ceeefce0e6 2007.1/i586/apache-mod_ssl-2.2.4-6.4mdv2007.1.i586.rpm\n 
938e503476cac7f68b57322494e8f471 2007.1/i586/apache-mod_userdir-2.2.4-6.4mdv2007.1.i586.rpm\n cd01ff99ebacfe90c317d253d7ac11c4 2007.1/i586/apache-modules-2.2.4-6.4mdv2007.1.i586.rpm\n 5d830472142486b008e84851f5befdf9 2007.1/i586/apache-mpm-event-2.2.4-6.4mdv2007.1.i586.rpm\n 48ec7cbe8edbd745cc8446f2d274d8b7 2007.1/i586/apache-mpm-itk-2.2.4-6.4mdv2007.1.i586.rpm\n ada3666e18e2c49eb4849afbdad60f75 2007.1/i586/apache-mpm-prefork-2.2.4-6.4mdv2007.1.i586.rpm\n 7830123c1e76e8d02ca0a140c2b5f6c6 2007.1/i586/apache-mpm-worker-2.2.4-6.4mdv2007.1.i586.rpm\n 6498cc5113689f513cbdcfae0a2a3ad4 2007.1/i586/apache-source-2.2.4-6.4mdv2007.1.i586.rpm \n a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 839816f464191d3aff0882eac70cea40 2007.1/x86_64/apache-base-2.2.4-6.4mdv2007.1.x86_64.rpm\n ac4910f34cbf168df34cd123604b044b 2007.1/x86_64/apache-devel-2.2.4-6.4mdv2007.1.x86_64.rpm\n a4b4f9d518ed8621348527938f6a8230 2007.1/x86_64/apache-htcacheclean-2.2.4-6.4mdv2007.1.x86_64.rpm\n d554aa06a52bd72e20f035beedd50dcf 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm\n 68659f413d0b1102c220b1b4824489b6 2007.1/x86_64/apache-mod_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n d92ec9a9deb7d188e644075a18951ae6 2007.1/x86_64/apache-mod_dav-2.2.4-6.4mdv2007.1.x86_64.rpm\n 07b06f6de52f0f107106cead6f47de2c 2007.1/x86_64/apache-mod_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm\n 6bf077871aa95d08c934eacac7f1291e 2007.1/x86_64/apache-mod_deflate-2.2.4-6.4mdv2007.1.x86_64.rpm\n b16f793759b09e75b7e162a5d858d835 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n 635452cc08657fa5da5b65dc40bf2c1b 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n 7a238972b773975493d8931d573233ec 2007.1/x86_64/apache-mod_ldap-2.2.4-6.4mdv2007.1.x86_64.rpm\n 46704ca76800a5b967a4dd6e8efef986 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n 3c23cff577f9697b719c90918ef91b44 
2007.1/x86_64/apache-mod_proxy-2.2.4-6.4mdv2007.1.x86_64.rpm\n c4ea096a86cdab894cb59bb868b849f0 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.x86_64.rpm\n 01f40dde7c3c93606c82681af472815f 2007.1/x86_64/apache-mod_ssl-2.2.4-6.4mdv2007.1.x86_64.rpm\n 9ade922fc7d52d73a47ca5f3cb2c7525 2007.1/x86_64/apache-mod_userdir-2.2.4-6.4mdv2007.1.x86_64.rpm\n 5e7e44ef5703f1e4fe5a952e5a3f5239 2007.1/x86_64/apache-modules-2.2.4-6.4mdv2007.1.x86_64.rpm\n e1b06e559e600461e19f9ab0f21d94be 2007.1/x86_64/apache-mpm-event-2.2.4-6.4mdv2007.1.x86_64.rpm\n 9903bcc1c12a86a9c2f9483d0ef9685e 2007.1/x86_64/apache-mpm-itk-2.2.4-6.4mdv2007.1.x86_64.rpm\n ce244cc42b6c411d2e3264c6ac6e1a76 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.4mdv2007.1.x86_64.rpm\n 5989a935f4a0e20ac2844982e81cda83 2007.1/x86_64/apache-mpm-worker-2.2.4-6.4mdv2007.1.x86_64.rpm\n 339fccde52210eca1bf7e3cf05b9ce0e 2007.1/x86_64/apache-source-2.2.4-6.4mdv2007.1.x86_64.rpm \n a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n cb013d3f4f40e2dfe6a90e0a2a7cdd74 2008.0/i586/apache-base-2.2.6-8.1mdv2008.0.i586.rpm\n f2e8d6e8191794fac34ddc7fc0f38588 2008.0/i586/apache-devel-2.2.6-8.1mdv2008.0.i586.rpm\n 8456184db4de115db70e603dbe252456 2008.0/i586/apache-htcacheclean-2.2.6-8.1mdv2008.0.i586.rpm\n 9e8861daffdf9d6b0ab431b1c3c1fac9 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.i586.rpm\n de1f407b2eb4d84140686375d3497006 2008.0/i586/apache-mod_cache-2.2.6-8.1mdv2008.0.i586.rpm\n eaf010272f97a507f37a6145bb9de809 2008.0/i586/apache-mod_dav-2.2.6-8.1mdv2008.0.i586.rpm\n 4d1073009151607b47ffcedc96cdb834 2008.0/i586/apache-mod_dbd-2.2.6-8.1mdv2008.0.i586.rpm\n cfc6f2958ef8d117d1070e422078cdfa 2008.0/i586/apache-mod_deflate-2.2.6-8.1mdv2008.0.i586.rpm\n 3c423e687c0afc1b224e6535e16ec279 2008.0/i586/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.i586.rpm\n ef790e64feeaf1a9ee5c58fd7e3b359d 2008.0/i586/apache-mod_file_cache-2.2.6-8.1mdv2008.0.i586.rpm\n 8f86f4c499dfa14fb2daf4f8b578e150 
2008.0/i586/apache-mod_ldap-2.2.6-8.1mdv2008.0.i586.rpm\n 21b1fc690f38b779ee79bed31c5fa3a2 2008.0/i586/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.i586.rpm\n 0ec954d20d7a080cc9a19c2146480897 2008.0/i586/apache-mod_proxy-2.2.6-8.1mdv2008.0.i586.rpm\n 50a87c9099f0c094c9fbb763e334fae9 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.i586.rpm\n 9d4e1c4a6614e70b77cd2e03e3baeaea 2008.0/i586/apache-mod_ssl-2.2.6-8.1mdv2008.0.i586.rpm\n 29346499f10a850f8011191b0d242709 2008.0/i586/apache-mod_userdir-2.2.6-8.1mdv2008.0.i586.rpm\n 21c5bc6f2861cc532c8b5dae3f3e1ee2 2008.0/i586/apache-modules-2.2.6-8.1mdv2008.0.i586.rpm\n 944b6d2f395f4d26deeef93f9ce55c5b 2008.0/i586/apache-mpm-event-2.2.6-8.1mdv2008.0.i586.rpm\n 0fc46d4eae684b21a9a98a6c876960b3 2008.0/i586/apache-mpm-itk-2.2.6-8.1mdv2008.0.i586.rpm\n ab00a26cd43e9045e66da620e9678412 2008.0/i586/apache-mpm-prefork-2.2.6-8.1mdv2008.0.i586.rpm\n 785499e86b70da53c76a7d3321da1b30 2008.0/i586/apache-mpm-worker-2.2.6-8.1mdv2008.0.i586.rpm\n c1ccaf747ebe4bd71f875f70c969d4e7 2008.0/i586/apache-source-2.2.6-8.1mdv2008.0.i586.rpm \n 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 56b868f5c7a86b68666af13fe2a5c925 2008.0/x86_64/apache-base-2.2.6-8.1mdv2008.0.x86_64.rpm\n 16ca885969a1bd9d7f6d4a00a7c33095 2008.0/x86_64/apache-devel-2.2.6-8.1mdv2008.0.x86_64.rpm\n 76bcdbe509c56ec471ff767f5f7f925f 2008.0/x86_64/apache-htcacheclean-2.2.6-8.1mdv2008.0.x86_64.rpm\n 36fc978398d6b8f406f0913ecac5576e 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm\n d6644c5729325e3a0f7bda5ffe12523c 2008.0/x86_64/apache-mod_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 98e86f62995310727dc7b7343776c948 2008.0/x86_64/apache-mod_dav-2.2.6-8.1mdv2008.0.x86_64.rpm\n 7aa7da7cb9fc4f29071535620de42023 2008.0/x86_64/apache-mod_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm\n 8cb681d914e9619adf261dca86154538 2008.0/x86_64/apache-mod_deflate-2.2.6-8.1mdv2008.0.x86_64.rpm\n 1ebc35b8050495230d6809f97dd89731 
2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 7db7d64521dc4253edc59645e79a5e57 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 5624b75d6d1eb311e6332c6a7e10e42f 2008.0/x86_64/apache-mod_ldap-2.2.6-8.1mdv2008.0.x86_64.rpm\n e7049015c893a5a75d0c4bbc68e18615 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 910e8bcb28e00501ebd39aa9c30e3cad 2008.0/x86_64/apache-mod_proxy-2.2.6-8.1mdv2008.0.x86_64.rpm\n 2451f7726434398f715bac328422faa8 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.x86_64.rpm\n c6a102776378eecfbe64f87d2a4f261b 2008.0/x86_64/apache-mod_ssl-2.2.6-8.1mdv2008.0.x86_64.rpm\n 27a79220cf963ba1dfe6f17d6e66d3f5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.1mdv2008.0.x86_64.rpm\n e87a2f8d0e8cf23fe0cc3a7a44195f68 2008.0/x86_64/apache-modules-2.2.6-8.1mdv2008.0.x86_64.rpm\n 6224d03ea5169e71fd588ddff0b95f16 2008.0/x86_64/apache-mpm-event-2.2.6-8.1mdv2008.0.x86_64.rpm\n e61bcd69bd997a5cddacc2f58dd1f1b9 2008.0/x86_64/apache-mpm-itk-2.2.6-8.1mdv2008.0.x86_64.rpm\n 304a7257ba0104bb799c3ab6a09cb977 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.1mdv2008.0.x86_64.rpm\n d19f57238828efc73f24ff69c1dca341 2008.0/x86_64/apache-mpm-worker-2.2.6-8.1mdv2008.0.x86_64.rpm\n e72351edf865715beac70996ca1ea09b 2008.0/x86_64/apache-source-2.2.6-8.1mdv2008.0.x86_64.rpm \n 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm\n\n Corporate 4.0:\n 0c36f90139943f6564058fb6c9a0028c corporate/4.0/i586/apache-base-2.2.3-1.3.20060mlcs4.i586.rpm\n 2c23db7c0c820a6d05cf9e89e10d437b corporate/4.0/i586/apache-devel-2.2.3-1.3.20060mlcs4.i586.rpm\n 6729c4c238ea40547ca8ad4ad34fac39 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.3.20060mlcs4.i586.rpm\n 8c6b35f7192abf90e6af6a07c27099d0 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.i586.rpm\n 6f3ae30580187b440261747c0f975ec6 corporate/4.0/i586/apache-mod_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n 56dd118e6e37165e6638baab4e58d08e 
corporate/4.0/i586/apache-mod_dav-2.2.3-1.3.20060mlcs4.i586.rpm\n 6e3512489622cf59e0f32458d943f65b corporate/4.0/i586/apache-mod_dbd-2.2.3-1.3.20060mlcs4.i586.rpm\n 7946432730bdac3ec21ca376f8f8ca12 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.3.20060mlcs4.i586.rpm\n eeac05dfe0a57512de566f6a2e1e105e corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n b50af44b3084fcff0bc6cff1ac50023f corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n a92816a879182cbca50ebace4bb5f193 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.3.20060mlcs4.i586.rpm\n 2ca6a18de738a817cb346f1eb31bf76a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n b984ff19a2458f844f62be84635060d1 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.3.20060mlcs4.i586.rpm\n b816b9c09345b92da5a0216f5e9db932 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.i586.rpm\n 240fb4ea33d91846fc083def26b19465 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.3.20060mlcs4.i586.rpm\n afcda5d86a48edba71a81a8fda0d0f75 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.3.20060mlcs4.i586.rpm\n 76705f36eb869b9a1520df0c09a7d1e9 corporate/4.0/i586/apache-modules-2.2.3-1.3.20060mlcs4.i586.rpm\n eb5bc900fa99aab700c29af7978ca44f corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.i586.rpm\n 57a7cb6d3fc97eca6c46685f606a3618 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.3.20060mlcs4.i586.rpm\n 804752d26fd2db2088cbc73ee9aee8f5 corporate/4.0/i586/apache-source-2.2.3-1.3.20060mlcs4.i586.rpm \n ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 74d411bb422230857a8971a9ce428c0e corporate/4.0/x86_64/apache-base-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 5ede29fb5e502fdc96dbb4722b69bb26 corporate/4.0/x86_64/apache-devel-2.2.3-1.3.20060mlcs4.x86_64.rpm\n dcecf6dece1ec0c083f924b8e545b864 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.3.20060mlcs4.x86_64.rpm\n b7bf0d94f575d6e1e42296b69e5d056b 
corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 6718af7bd108e06d8e6be0046473ce69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n fce075627de036b3d71a93ceafa6105e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 973a484aed44fd0281c34a0227131400 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 359ad6bfc294b82d14788ea3f2fb5b1f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.3.20060mlcs4.x86_64.rpm\n ce014700683860f81922680ab29d335b corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n b918e9b9eeb06303a8b3f26f63666f74 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 969c3cf38987f91d576de441e5781b5d corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.3.20060mlcs4.x86_64.rpm\n e3c4128b336c45e9470e57a1439cead9 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n e6c07bd0bed38660852db97807e0b3dd corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.3.20060mlcs4.x86_64.rpm\n d6b2621b48abe4c74ecd5e24e7c3c9f9 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 166b443903e18e77afee950f368ae763 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.3.20060mlcs4.x86_64.rpm\n bcbd01a168655d57ad7dcbf424b4d91a corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 3723d163f681e478e677c75a286f352e corporate/4.0/x86_64/apache-modules-2.2.3-1.3.20060mlcs4.x86_64.rpm\n f17cbd7d765045b30dd43f62efb7cfd3 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 6e704ce4a8ab0b5817273af16b997ea2 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.3.20060mlcs4.x86_64.rpm\n f35f2e3795dba910451ac03ec63f8898 corporate/4.0/x86_64/apache-source-2.2.3-1.3.20060mlcs4.x86_64.rpm \n ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. 
The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01607570\nVersion: 1\n\nHPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2008-11-19\nLast Updated: 2008-11-19\n\nPotential Security Impact: Remote cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS). \n\nReferences: CVE-2007-6388, CVE-2007-5000\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, and Solaris\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n\nRESOLUTION\n\nHP has made patches available to resolve the vulnerabilities. 
\n\nThe patches are available from http://itrc.hp.com \n\nOV NNM v7.53 \n===========\nOperating_System - HP-UX (IA)\nResolved in Patch - PHSS_38148 or subsequent\n \nOperating_System - HP-UX (PA)\nResolved in Patch - PHSS_38147 or subsequent\n \nOperating_System - Linux RedHatAS2.1 \nResolved in Patch - LXOV_00085 or subsequent\n \nOperating_System - Linux RedHat4AS-x86_64 \nResolved in Patch - LXOV_00086 or subsequent\n \nOperating_System - Solaris\nResolved in Patch - PSOV_03514 or subsequent\n \nOV NNM v7.51 \n===========\nUpgrade to NNM v7.53 and install the patches listed above. \n\nOV NNM v7.01 \n===========\nOperating_System - HP-UX (PA)\nResolved in Patch - PHSS_38761 or subsequent\n \nOperating_System - Solaris\nResolved in Patch - PSOV_03516 or subsequent\n \n\nMANUAL ACTIONS: Yes - NonUpdate \nApply the appropriate file as described in the Resolution. \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. 
\n\nAFFECTED VERSIONS (for HP-UX)\n\nFor HP-UX OV NNM 7.53 \nHP-UX B.11.31 \nHP-UX B.11.23 (IA) \n============= \nOVNNMgr.OVNNM-RUN \naction: install PHSS_38148 or subsequent \nURL: http://itrc.hp.com \n\nHP-UX B.11.23 (PA) \nHP-UX B.11.11 \n============= \nOVNNMgr.OVNNM-RUN \naction: install PHSS_38147 or subsequent \nURL: http://itrc.hp.com \n\nFor HP-UX OV NNM 7.51 \nHP-UX B.11.31 \nHP-UX B.11.23 \nHP-UX B.11.11 \n============= \nOVNNMgr.OVNNM-RUN \naction: upgrade NNM v7.51 to NNM v7.53 and apply the appropriate patches \n\nFor HP-UX OV NNM 7.01 \nHP-UX B.11.00 \nHP-UX B.11.11 \n============= \nOVNNMgr.OVNNM-RUN \naction: install PHSS_38761 or subsequent \nURL: http://itrc.hp.com \n\nEND AFFECTED VERSIONS (for HP-UX)\n\nHISTORY \nVersion:1 (rev.1) - 19 November 2008 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. 
\nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. 
To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\u00a9Copyright 2008 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBSSQhVOAfOvwtKn1ZEQIlVQCg4n4fABzC24c9qQ5gz68oPLMVKI0AoMbs\nA2UIaH3YB7z+o42Tm7Eg7ahn\n=lskD\n-----END PGP SIGNATURE-----\n. The goal of this project is to\nprovide a secure, efficient and extensible server that provides\nHTTP services in sync with the current HTTP standards. The November 2005 Netcraft Web Server Survey found\nthat more than 70% of the web sites on the Internet are using\nApache, thus making it more widely used than all other web\nservers combined. A HTML page is presented that gives the current server statistics in an easily readable form. If required this page can be made to automatically refresh (given a compatible browser). Another page gives a simple machine-readable list of the current server state.\"\n\n- --- 1. 
Apache Refresh Header - Open Redirector (XSS) Vulnerability ---\n\nBecause Apache mod_status does not filter the \";\" character, a new URL can be injected. \nThis gives an attacker an open redirector and can lead to phishing attacks. \nAn attacker can also create a more advanced method to trigger XSS in the victim\u0027s browser. Exploit ---\n\nSecurityReason is not going to release an exploit to the general public. \nAn exploit was provided and tested for the Apache Team. References ---\n\nA Refreshing Look at Redirection : http://www.securityfocus.com/archive/1/450418 by Amit Klein\n\n- --- 5. Greets ---\n\nFor: Maksymilian Arciemowicz ( cXIb8O3 ), Infospec, pi3, p_e_a, mpp\n\n- --- 6. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.2 or earlier", "sources": [ { "db": "NVD", "id": "CVE-2007-6388" }, { "db": "JVNDB", "id": "JVNDB-2008-001001" }, { "db": "BID", "id": "27237" }, { "db": "VULMON", "id": "CVE-2007-6388" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62720" }, { "db": "PACKETSTORM", "id": "89987" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "62721" }, { "db": "PACKETSTORM", "id": "101257" }, { "db": "PACKETSTORM", "id": "72120" }, { "db": "PACKETSTORM", "id": "62634" }, { "db": "PACKETSTORM", "id": "63601" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-6388", "trust": 3.8 }, { "db": "BID", "id": "27237", "trust": 2.8 }, { "db": "SECUNIA", "id": "28471", "trust": 2.5 }, { "db": "USCERT", "id": "TA08-150A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1019154", "trust": 2.5 }, { "db": "SECUNIA", "id": "29988", "trust": 1.7 }, { "db": "SECUNIA", "id": "28607", "trust": 1.7 }, { "db": "SECUNIA", "id": "28977", "trust": 1.7 }, { "db": 
"SECUNIA", "id": "30732", "trust": 1.7 }, { "db": "SECUNIA", "id": "30430", "trust": 1.7 }, { "db": "SECUNIA", "id": "29504", "trust": 1.7 }, { "db": "SECUNIA", "id": "28526", "trust": 1.7 }, { "db": "SECUNIA", "id": "29806", "trust": 1.7 }, { "db": "SECUNIA", "id": "33200", "trust": 1.7 }, { "db": "SECUNIA", "id": "28749", "trust": 1.7 }, { "db": "SECUNIA", "id": "28922", "trust": 1.7 }, { "db": "SECUNIA", "id": "30356", "trust": 1.7 }, { "db": "SECUNIA", "id": "29640", "trust": 1.7 }, { "db": "SECUNIA", "id": "32800", "trust": 1.7 }, { "db": "SECUNIA", "id": "31142", "trust": 1.7 }, { "db": "SECUNIA", "id": "29420", "trust": 1.7 }, { "db": "SECUNIA", "id": "28965", "trust": 1.7 }, { "db": "SECUNIA", "id": "28467", "trust": 1.7 }, { "db": "SREASON", "id": "3541", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0809", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0047", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1623", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1697", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0554", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0447", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0924", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1224", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0986", "trust": 1.7 }, { "db": "USCERT", "id": "SA08-150A", "trust": 0.8 }, { "db": "USCERT", "id": "TA08-079A", "trust": 0.8 }, { "db": "USCERT", "id": "SA08-079A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2008-001001", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200801-095", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2007-6388", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "63262", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62720", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "89987", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80533", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62719", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62721", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101257", 
"trust": 0.1 }, { "db": "PACKETSTORM", "id": "72120", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62634", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "63601", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-6388" }, { "db": "BID", "id": "27237" }, { "db": "JVNDB", "id": "JVNDB-2008-001001" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62720" }, { "db": "PACKETSTORM", "id": "89987" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "62721" }, { "db": "PACKETSTORM", "id": "101257" }, { "db": "PACKETSTORM", "id": "72120" }, { "db": "PACKETSTORM", "id": "62634" }, { "db": "PACKETSTORM", "id": "63601" }, { "db": "CNNVD", "id": "CNNVD-200801-095" }, { "db": "NVD", "id": "CVE-2007-6388" } ] }, "id": "VAR-200801-0561", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-29T20:27:08.417000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 1.3.41", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_13.html#1.3.41" }, { "title": "Fixed in Apache httpd 2.0.63", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.63" }, { "title": "Fixed in Apache httpd 2.2.8", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.8" }, { "title": "Security Update 2008-003", "trust": 0.8, "url": "http://support.apple.com/kb/HT1897" }, { "title": "Security Update 2008-002", "trust": 0.8, "url": "http://docs.info.apple.com/article.html?artnum=307562-en" 
}, { "title": "Security Update 2008-003", "trust": 0.8, "url": "http://support.apple.com/kb/HT1897?viewlocale=ja_JP" }, { "title": "Security Update 2008-002", "trust": 0.8, "url": "http://docs.info.apple.com/article.html?artnum=307562-ja" }, { "title": "httpd-2.2.3-11.3.1AX", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=94" }, { "title": "HS08-016", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-016/index.html" }, { "title": "HPSBUX02313", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01364714" }, { "title": "HPSBUX02313", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02313.html" }, { "title": "4019245", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "title": "PK65782", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK65782" }, { "title": "PK63273", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026context=SSEQTJ\u0026uid=swg1PK63273\u0026loc=en_US\u0026cs=utf-8\u0026cc=US\u0026lang=all" }, { "title": "7007033", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007033#60227" }, { "title": "httpd (V3.0)", "trust": 0.8, "url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=1224" }, { "title": "httpd (V4.0)", "trust": 0.8, "url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=1221" }, { "title": "apache (V2.x)", "trust": 0.8, "url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=1205" }, { "title": "Oracle Critical Patch Update Advisory - July 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices", "trust": 0.8, "url": 
"http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html" }, { "title": "RHSA-2008:0004", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0004.html" }, { "title": "RHSA-2008:0005", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0005.html" }, { "title": "RHSA-2008:0006", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0006.html" }, { "title": "RHSA-2008:0007", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0007.html" }, { "title": "RHSA-2008:0008", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0008.html" }, { "title": "July 2013 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2013_critical_patch_update" }, { "title": "233623", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233623-1" }, { "title": "TLSA-2008-5", "trust": 0.8, "url": "http://www.turbolinux.com/security/2008/TLSA-2008-5.txt" }, { "title": "interstage_as_200808", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200808.html" }, { "title": "HS08-016", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS08-016/index.html" }, { "title": "RHSA-2008:0005", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0005J.html" }, { "title": "RHSA-2008:0006", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0006J.html" }, { "title": "RHSA-2008:0008", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0008J.html" }, { "title": "RHSA-2008:0004", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0004J.html" }, { "title": "TLSA-2008-5", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2008/TLSA-2008-5j.txt" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-575-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/SecureAxom/strike " } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-6388" }, { "db": "JVNDB", "id": "JVNDB-2008-001001" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001001" }, { "db": "NVD", "id": "CVE-2007-6388" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.securityfocus.com/bid/27237" }, { "trust": 2.5, "url": "http://securitytracker.com/id?1019154" }, { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html" }, { "trust": 2.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-032.htm" }, { "trust": 2.0, "url": "http://support.nortel.com/go/main.jsp?cscat=bltndetail\u0026id=689039" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk62966" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk63273" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:014" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:015" }, { "trust": 1.7, "url": 
"http://www.redhat.com/support/errata/rhsa-2008-0004.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0005.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0006.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0007.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0008.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28467" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28471" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:016" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28526" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28607" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28749" }, { "trust": 1.7, "url": "http://www116.nortel.com/pub/repository/clarify/document/2008/05/023342-01.pdf" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28965" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-february/msg00562.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-february/msg00541.html" }, { "trust": 1.7, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28977" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28922" }, { "trust": 1.7, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1" }, { "trust": 1.7, "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29420" }, { "trust": 1.7, "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pk59667\u0026apar=only" }, { "trust": 1.7, 
"url": "http://secunia.com/advisories/29504" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/3541" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29640" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29806" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0009.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29988" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30356" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30430" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31142" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30732" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33200" }, { "trust": 1.7, "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0809/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0554" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0986/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0047" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/1224/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0447/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/1623/references" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "trust": 1.7, "url": 
"http://secunia.com/advisories/32800" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39472" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10272" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded" }, { "trust": 1.5, "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "trust": 1.5, "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 1.5, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 1.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2008/0047" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta08-079a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta08-150a/" }, { "trust": 0.8, "url": "http://jvn.jp/tr/trta08-079a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/trta08-150a/index.html" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6388" }, { "trust": 0.8, "url": "http://secunia.com/advisories/28471/" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/alerts/sa08-150a.html" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_13.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.4, "url": "http://securityreason.com/achievement_securityalert/50" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005" }, { "trust": 0.4, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.4, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.4, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "https://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c01607570\u0026admit=109447627+1227181083938+28353475" }, { "trust": 0.3, "url": " http://www.phptoys.com/product/micro-news.html" }, { "trust": 0.3, "url": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.readme.html#mh01110" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233623-1" }, { "trust": 0.3, "url": "http://www.apache.org/dist/httpd/announcement1.3.html" }, { "trust": 0.3, "url": 
"http://www.apache.org/dist/httpd/announcement2.0.html" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-026.htm" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-031.htm" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01364714" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0004.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0005.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0006.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0007.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0008.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0263.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0523.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6421" }, { "trust": 0.3, "url": "http://www.mandriva.com/security/" }, { "trust": 0.3, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/575-1/" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb" }, { 
"trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 
0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, 
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364" }, { "trust": 0.1, "url": "http://support.openview.hp.com/support.jsp" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html" }, { 
"trust": 0.1, "url": "http://www.vmware.com/support/player25/doc/releasenotes_player253.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ace/" }, { "trust": 0.1, "url": "http://www.vmware.com/download/player/" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ws/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.exe" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.bundle" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.bundle" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0040" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6422" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6421" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, 
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891" }, { "trust": 0.1, "url": "http://itrc.hp.com" }, { "trust": 0.1, "url": "http://httpd.apache.org/docs/2.0/mod/mod_status.html" }, { "trust": 0.1, "url": "http://securityreason.com/key/sp3x.gpg" }, { "trust": 0.1, "url": "http://www.securityfocus.com/archive/1/450418" }, { "trust": 0.1, "url": "http://securityreason.com" }, { "trust": 0.1, "url": "http://httpd.apache.org" } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-6388" }, { "db": "BID", "id": "27237" }, { "db": "JVNDB", "id": "JVNDB-2008-001001" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62720" }, { "db": "PACKETSTORM", "id": "89987" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "62721" }, { "db": "PACKETSTORM", "id": "101257" }, { "db": "PACKETSTORM", "id": "72120" }, { "db": "PACKETSTORM", "id": "62634" }, { "db": "PACKETSTORM", "id": "63601" }, { "db": "CNNVD", "id": "CNNVD-200801-095" }, { "db": "NVD", "id": "CVE-2007-6388" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2007-6388" }, { "db": "BID", "id": "27237" }, { "db": "JVNDB", "id": "JVNDB-2008-001001" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62720" }, { "db": "PACKETSTORM", "id": "89987" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "62721" }, { "db": "PACKETSTORM", "id": "101257" }, { "db": "PACKETSTORM", "id": "72120" }, { "db": "PACKETSTORM", "id": "62634" }, { "db": "PACKETSTORM", "id": "63601" }, { "db": "CNNVD", "id": "CNNVD-200801-095" }, { "db": "NVD", "id": "CVE-2007-6388" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": 
{ "@container": "@list" } }, "data": [ { "date": "2008-01-08T00:00:00", "db": "VULMON", "id": "CVE-2007-6388" }, { "date": "2008-01-10T00:00:00", "db": "BID", "id": "27237" }, { "date": "2008-01-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001001" }, { "date": "2008-02-05T00:41:56", "db": "PACKETSTORM", "id": "63262" }, { "date": "2008-01-17T05:57:19", "db": "PACKETSTORM", "id": "62720" }, { "date": "2010-05-27T05:11:37", "db": "PACKETSTORM", "id": "89987" }, { "date": "2009-08-23T16:31:17", "db": "PACKETSTORM", "id": "80533" }, { "date": "2008-01-17T05:56:17", "db": "PACKETSTORM", "id": "62719" }, { "date": "2008-01-17T05:59:17", "db": "PACKETSTORM", "id": "62721" }, { "date": "2011-05-10T00:45:11", "db": "PACKETSTORM", "id": "101257" }, { "date": "2008-11-20T19:21:09", "db": "PACKETSTORM", "id": "72120" }, { "date": "2008-01-15T20:26:59", "db": "PACKETSTORM", "id": "62634" }, { "date": "2008-02-13T22:27:37", "db": "PACKETSTORM", "id": "63601" }, { "date": "2008-01-08T00:00:00", "db": "CNNVD", "id": "CNNVD-200801-095" }, { "date": "2008-01-08T18:46:00", "db": "NVD", "id": "CVE-2007-6388" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-06T00:00:00", "db": "VULMON", "id": "CVE-2007-6388" }, { "date": "2015-04-13T21:21:00", "db": "BID", "id": "27237" }, { "date": "2014-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001001" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-200801-095" }, { "date": "2024-11-21T00:40:01.837000", "db": "NVD", "id": "CVE-2007-6388" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200801-095" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of mod_status Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001001" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62720" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "62721" }, { "db": "PACKETSTORM", "id": "72120" }, { "db": "PACKETSTORM", "id": "62634" }, { "db": "CNNVD", "id": "CNNVD-200801-095" } ], "trust": 1.2 } }
var-201201-0259
Vulnerability from variot
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Apache Tomcat calculates hash values for form parameters without restricting predictable hash collisions, which results in a denial-of-service (CPU resource consumption) vulnerability. A third party can send a large number of crafted parameters to disrupt service operation by putting the server into a denial-of-service (CPU resource consumption) state. ----------------------------------------------------------------------
TITLE: Hitachi COBOL2002 Products Unspecified Vulnerability
SECUNIA ADVISORY ID: SA47643
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47643/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47643
RELEASE DATE: 2012-01-20
DISCUSS ADVISORY: http://secunia.com/advisories/47643/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47643/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47643
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has reported a vulnerability in some COBOL2002 products, which can be exploited by malicious users to compromise a vulnerable system.
For more information: SA47612
The vulnerability is reported in versions 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, and 01-03 through 01-03-/F.
SOLUTION: Upgrade to version 02-01-/D.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-24
http://security.gentoo.org/
Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: June 24, 2012 Bugs: #272566, #273662, #303719, #320963, #329937, #373987, #374619, #382043, #386213, #396401, #399227 ID: 201206-24
Synopsis
Multiple vulnerabilities were found in Apache Tomcat, the worst of which allows an attacker to read, modify and overwrite arbitrary files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 5.5.34 >= 6.0.35 *< 6.0.35 >= 7.0.23 < 7.0.23
Description
Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.
Impact
The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server's hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35"
All Apache Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23"
References
[ 1 ] CVE-2008-5515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515 [ 2 ] CVE-2009-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033 [ 3 ] CVE-2009-0580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580 [ 4 ] CVE-2009-0781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781 [ 5 ] CVE-2009-0783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783 [ 6 ] CVE-2009-2693 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693 [ 7 ] CVE-2009-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901 [ 8 ] CVE-2009-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902 [ 9 ] CVE-2010-1157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157 [ 10 ] CVE-2010-2227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227 [ 11 ] CVE-2010-3718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718 [ 12 ] CVE-2010-4172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172 [ 13 ] CVE-2010-4312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312 [ 14 ] CVE-2011-0013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013 [ 15 ] CVE-2011-0534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534 [ 16 ] CVE-2011-1088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088 [ 17 ] CVE-2011-1183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183 [ 18 ] CVE-2011-1184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184 [ 19 ] CVE-2011-1419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419 [ 20 ] CVE-2011-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475 [ 21 ] CVE-2011-1582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582 [ 22 ] CVE-2011-2204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204 [ 23 ] CVE-2011-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481 [ 24 ] CVE-2011-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526 [ 25 ] CVE-2011-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729 [ 26 ] CVE-2011-3190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190 [ 27 ] CVE-2011-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375 [ 28 ] CVE-2011-4858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858 [ 29 ] CVE-2011-5062 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062 [ 30 ] CVE-2011-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063 [ 31 ] CVE-2011-5064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064 [ 32 ] CVE-2012-0022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-24.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: tomcat6 security and bug fix update Advisory ID: RHSA-2012:0682-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0682.html Issue date: 2012-05-21 CVE Names: CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022 =====================================================================
- Summary:
Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
JBoss Enterprise Web Server 1.0 for RHEL 5 Server - noarch JBoss Enterprise Web Server 1.0 for RHEL 6 Server - noarch
- Description:
Apache Tomcat is a servlet container.
JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package.
This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves the following security issues:
Multiple flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)
A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially-crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)
A flaw was found in the way Tomcat recycled objects that contain data from user requests (such as IP addresses and HTTP headers) when certain errors occurred. If a user sent a request that caused an error to be logged, Tomcat would return a reply to the next request (which could be sent by a different user) with data from the first user's request, leading to information disclosure. Under certain conditions, a remote attacker could leverage this flaw to hijack sessions. (CVE-2011-3375)
The Java hashCode() method implementation was susceptible to predictable hash collisions. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858)
Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022)
A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)
A flaw was found in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526)
Red Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters of CVE-2011-4858.
- Solution:
Users of Tomcat should upgrade to these updated packages, which resolve these issues. Tomcat must be restarted for this update to take effect.
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
717013 - CVE-2011-2204 tomcat: password disclosure vulnerability 720948 - CVE-2011-2526 tomcat: security manager restrictions bypass 734868 - CVE-2011-3190 tomcat: authentication bypass and information disclosure 741401 - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 tomcat: Multiple weaknesses in HTTP DIGEST authentication 750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003) 782624 - CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling 783359 - CVE-2012-0022 tomcat: large number of parameters DoS
- Package List:
JBoss Enterprise Web Server 1.0 for RHEL 5 Server:
Source: tomcat6-6.0.32-24_patch_07.ep5.el5.src.rpm
noarch: tomcat6-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-javadoc-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-lib-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-log4j-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm
JBoss Enterprise Web Server 1.0 for RHEL 6 Server:
Source: tomcat6-6.0.32-24_patch_07.ep5.el6.src.rpm
noarch: tomcat6-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-javadoc-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-lib-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-log4j-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-1184.html https://www.redhat.com/security/data/cve/CVE-2011-2204.html https://www.redhat.com/security/data/cve/CVE-2011-2526.html https://www.redhat.com/security/data/cve/CVE-2011-3190.html https://www.redhat.com/security/data/cve/CVE-2011-3375.html https://www.redhat.com/security/data/cve/CVE-2011-4858.html https://www.redhat.com/security/data/cve/CVE-2011-5062.html https://www.redhat.com/security/data/cve/CVE-2011-5063.html https://www.redhat.com/security/data/cve/CVE-2011-5064.html https://www.redhat.com/security/data/cve/CVE-2012-0022.html https://access.redhat.com/security/updates/classification/#moderate http://tomcat.apache.org/security-6.html https://issues.jboss.org/browse/JBPAPP-4873 https://issues.jboss.org/browse/JBPAPP-6133 https://issues.jboss.org/browse/JBPAPP-6852
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPunmrXlSAg2UNWIIRAkA4AKCTaGA0dlkzcdXw8BMDz6i6Kk31iQCbBwk5 HGbJnvqJAVX57f9/Kpj3+R4= =pyZw -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server.
Warning: Before applying this update, back up your JBoss Enterprise Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along with all other customized configuration files. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. Refer to the JBoss Enterprise Portal Platform 4.3 CP07 Release Notes, available shortly from docs.redhat.com, for information on the most significant bug fixes included in this release.
The following security fixes are also included:
JBoss Seam 2 did not properly block access to JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2011-1484)
Note: If you have created custom applications that are packaged with a copy of the JBoss Seam 2 library, those applications must be rebuilt with the updated jboss-seam.jar file provided by this update. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)
The invoker servlets, deployed by default via httpha-invoker, only performed access control on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using different HTTP methods. Due to the second layer of authentication provided by a security interceptor, this issue is not exploitable on default installations unless an administrator has misconfigured the security interceptor or disabled it. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Note that if you have created custom applications that are packaged with a copy of the JBoss Seam 2 library, those applications must be rebuilt with the updated jboss-seam.jar file provided by this update. Description:
The JBoss Communications Platform (JBCP) is an open source VoIP platform certified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as a high performance core for Service Delivery Platforms (SDPs) and IP Multimedia Subsystems (IMSs) by leveraging J2EE to enable the convergence of data and video in Next-Generation Intelligent Network (NGIN) applications
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0259", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": 
"7.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.33" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.35" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 
1.0, "vendor": "apache", "version": "6.0.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.30" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.32" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.12" }, { 
"model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.29" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.31" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.34" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.28" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.26" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache tomcat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ruby", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "the php group", "version": null }, { "model": "interstage list works", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "ucosminexus 
developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard" }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it change manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "interstage xml business activity recorder", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v7.1 to v8.1" }, { "model": "tomcat", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "7.x" }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise service bus v6.4 to v8.4" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v4.1 to v6.5" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "it operations analyzer", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "6.x" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "cosminexus component container", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "systemwalker operation manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it process master", "scope": null, "trust": 
0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "developer v7.1 to v8.1" }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "none" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "portal v8.2 to v8.3" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v7.1 to v8.1" }, { "model": "csview", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/faq navigator v4 v5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v8.4" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.4" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sip application server st ard edition v7.1 to v8.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "development environment v6.1 to v6.5" }, { "model": "systemwalker desktop inspection", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "6.0.35" }, { "model": "websam storage vmware vcenter plug-in", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v1.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v7.1 to v8.1" }, { "model": "success server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": 
"fujitsu", "version": "plus developer / apworks / studio" }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "uddi registry v1.1 to v7.1" }, { "model": "systemwalker runbook automation", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator cloud edition" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v8.4" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "interstage list manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v4.1 to v6.5" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "infoframe documentskipper", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.1" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "pc security v1.44 before" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v4.1 to v6.5" }, { "model": "internet navigware server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 
5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "infoframe documentskipper", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.2" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "websam securemaster", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterpriseidentitymanager ver4.1 all versions up to" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker availability view", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage shunsaku data manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "interstage form coordinator workflow", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v4.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v7.1 to v8.1" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard version 6" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "websam securemaster", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": 
"enterpriseaccessmanager ver5.0 to ver6.1" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v8.4" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "7.0.23" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard version 6" }, { "model": "garoon", "scope": "eq", "trust": 0.8, "vendor": "cybozu", "version": "2.0.0 to 3.1" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "infoframe documentskipper", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v5.1" }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:tomcat", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:cognos_business_intelligence", "vulnerable": true }, { "cpe22Uri": "cpe:/a:cybozu:garoon", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:csview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:infocage", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:nec:infoframe_documentskipper", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:websam_securemaster", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:it_operations_analyzer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_works", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_shunsaku_data_manager", "vulnerable": 
true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:success_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001003" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" }, { "db": "PACKETSTORM", "id": "109367" }, { "db": "PACKETSTORM", "id": "109274" } ], "trust": 0.6 }, "cve": "CVE-2011-4858", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, 
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2011-4858", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4858", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#903934", "trust": 0.8, "value": "10.80" }, { "author": "NVD", "id": "CVE-2011-4858", "trust": 0.8, "value": "Medium" }, { "author": "VULMON", "id": "CVE-2011-4858", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. 
Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Apache Tomcat calculates hash values for form parameters without restricting predictable hash collisions, which results in a denial-of-service (CPU resource consumption) vulnerability. A third party can send a large number of crafted parameters to disrupt service operation (CPU resource consumption). ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi COBOL2002 Products Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA47643\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47643/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47643\n\nRELEASE DATE:\n2012-01-20\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47643/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47643/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47643\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has reported a 
vulnerability in some COBOL2002 products,\nwhich can be exploited by malicious users to compromise a vulnerable\nsystem. \n\nFor more information:\nSA47612\n\nThe vulnerability is reported in versions 01-00, 01-01 through\n01-01-/D, 01-02 through 01-02-/F, and 01-03 through 01-03-/F. \n\nSOLUTION:\nUpgrade to version 02-01-/D. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Tomcat: Multiple vulnerabilities\n Date: June 24, 2012\n Bugs: #272566, #273662, #303719, #320963, #329937, #373987,\n #374619, #382043, #386213, #396401, #399227\n ID: 201206-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat *\u003c 5.5.34 *\u003e= 6.0.35\n *\u003c 6.0.35 \u003e= 7.0.23\n \u003c 7.0.23\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please\nreview the CVE identifiers referenced below for details. 
\n\nImpact\n======\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to\nhijack a session, to bypass authentication, to inject webscript, to\nenumerate valid usernames, to read, modify and overwrite arbitrary\nfiles, to bypass intended access restrictions, to delete work-directory\nfiles, to discover the server\u0027s hostname or IP, to bypass read\npermissions for files or HTTP headers, to read or write files outside\nof the intended working directory, and to obtain sensitive information\nby reading a log file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.35\"\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.23\"\n\nReferences\n==========\n\n[ 1 ] CVE-2008-5515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515\n[ 2 ] CVE-2009-0033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033\n[ 3 ] CVE-2009-0580\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580\n[ 4 ] CVE-2009-0781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781\n[ 5 ] CVE-2009-0783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783\n[ 6 ] CVE-2009-2693\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693\n[ 7 ] CVE-2009-2901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901\n[ 8 ] CVE-2009-2902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902\n[ 9 ] CVE-2010-1157\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157\n[ 10 ] CVE-2010-2227\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227\n[ 11 ] CVE-2010-3718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718\n[ 12 ] CVE-2010-4172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172\n[ 13 ] CVE-2010-4312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312\n[ 14 ] CVE-2011-0013\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013\n[ 15 ] CVE-2011-0534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534\n[ 16 ] CVE-2011-1088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088\n[ 17 ] CVE-2011-1183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183\n[ 18 ] CVE-2011-1184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184\n[ 19 ] CVE-2011-1419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419\n[ 20 ] CVE-2011-1475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475\n[ 21 ] CVE-2011-1582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582\n[ 22 ] CVE-2011-2204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204\n[ 23 ] CVE-2011-2481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481\n[ 24 ] CVE-2011-2526\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526\n[ 25 ] CVE-2011-2729\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729\n[ 26 ] CVE-2011-3190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190\n[ 27 ] CVE-2011-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375\n[ 28 ] CVE-2011-4858\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858\n[ 29 ] CVE-2011-5062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062\n[ 30 ] CVE-2011-5063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063\n[ 31 ] CVE-2011-5064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064\n[ 32 ] CVE-2012-0022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). 
\n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - noarch\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch\nRed Hat Enterprise Linux Workstation (v. 6) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 6) - noarch\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: tomcat6 security and bug fix update\nAdvisory ID: RHSA-2012:0682-01\nProduct: JBoss Enterprise Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0682.html\nIssue date: 2012-05-21\nCVE Names: CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 \n CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 \n CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 \n CVE-2012-0022 \n=====================================================================\n\n1. Summary:\n\nUpdated tomcat6 packages that fix multiple security issues and three bugs\nare now available for JBoss Enterprise Web Server 1.0.2 for Red Hat\nEnterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nJBoss Enterprise Web Server 1.0 for RHEL 5 Server - noarch\nJBoss Enterprise Web Server 1.0 for RHEL 6 Server - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container. \n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage. 
\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application\u0027s\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user\u0027s request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. 
These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. \n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. \n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user\u0027s password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server. \n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858. \n\n4. Solution:\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve these issues. Tomcat must be restarted for this update to take\neffect. 
\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n717013 - CVE-2011-2204 tomcat: password disclosure vulnerability\n720948 - CVE-2011-2526 tomcat: security manager restrictions bypass\n734868 - CVE-2011-3190 tomcat: authentication bypass and information disclosure\n741401 - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 tomcat: Multiple weaknesses in HTTP DIGEST authentication\n750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)\n782624 - CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling\n783359 - CVE-2012-0022 tomcat: large number of parameters DoS\n\n6. Package List:\n\nJBoss Enterprise Web Server 1.0 for RHEL 5 Server:\n\nSource:\ntomcat6-6.0.32-24_patch_07.ep5.el5.src.rpm\n\nnoarch:\ntomcat6-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-javadoc-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-lib-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-log4j-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm\n\nJBoss Enterprise Web Server 1.0 for RHEL 6 
Server:\n\nSource:\ntomcat6-6.0.32-24_patch_07.ep5.el6.src.rpm\n\nnoarch:\ntomcat6-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-javadoc-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-lib-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-log4j-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-1184.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2204.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2526.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3190.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3375.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4858.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5062.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5063.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5064.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0022.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttp://tomcat.apache.org/security-6.html\nhttps://issues.jboss.org/browse/JBPAPP-4873\nhttps://issues.jboss.org/browse/JBPAPP-6133\nhttps://issues.jboss.org/browse/JBPAPP-6852\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPunmrXlSAg2UNWIIRAkA4AKCTaGA0dlkzcdXw8BMDz6i6Kk31iQCbBwk5\nHGbJnvqJAVX57f9/Kpj3+R4=\n=pyZw\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. \n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform\u0027s \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files. It comprises a set of offerings for enterprise\ncustomers who are looking for pre-configured profiles of JBoss Enterprise\nMiddleware components that have been tested and certified together to\nprovide an integrated experience. Refer to the\nJBoss Enterprise Portal Platform 4.3 CP07 Release Notes, available shortly\nfrom docs.redhat.com, for information on the most significant bug fixes\nincluded in this release. \n\nThe following security fixes are also included:\n\nJBoss Seam 2 did not properly block access to JBoss Expression Language\n(EL) constructs in page exception handling, allowing arbitrary Java methods\nto be executed. A remote attacker could use this flaw to execute arbitrary\ncode via a specially-crafted URL provided to certain applications based on\nthe JBoss Seam 2 framework. Note: A properly configured and enabled Java\nSecurity Manager would prevent exploitation of this flaw. (CVE-2011-1484)\n\nNote: If you have created custom applications that are packaged with a copy\nof the JBoss Seam 2 library, those applications must be rebuilt with the\nupdated jboss-seam.jar file provided by this update. 
(CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nThe invoker servlets, deployed by default via httpha-invoker, only\nperformed access control on the HTTP GET and POST methods, allowing remote\nattackers to make unauthenticated requests by using different HTTP methods. \nDue to the second layer of authentication provided by a security\ninterceptor, this issue is not exploitable on default installations unless\nan administrator has misconfigured the security interceptor or disabled it. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \nNote that if you have created custom applications that are packaged with a\ncopy of the JBoss Seam 2 library, those applications must be rebuilt with\nthe updated jboss-seam.jar file provided by this update. Description:\n\nThe JBoss Communications Platform (JBCP) is an open source VoIP platform\ncertified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as\na high performance core for Service Delivery Platforms (SDPs) and IP\nMultimedia Subsystems (IMSs) by leveraging J2EE to enable the convergence\nof data and video in Next-Generation Intelligent Network (NGIN)\napplications", "sources": [ { "db": "NVD", "id": "CVE-2011-4858" }, { "db": "CERT/CC", "id": "VU#903934" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "PACKETSTORM", "id": "108860" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" }, { "db": "PACKETSTORM", "id": "109367" }, { "db": "PACKETSTORM", "id": "109274" } ], "trust": 3.15 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } 
}, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2012", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4858" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#903934", "trust": 2.7 }, { "db": "NVD", "id": "CVE-2011-4858", "trust": 2.6 }, { "db": "OCERT", "id": "OCERT-2011-003", "trust": 1.9 }, { "db": "SECUNIA", "id": "48791", "trust": 1.1 }, { "db": "SECUNIA", "id": "48790", "trust": 1.1 }, { "db": "SECUNIA", "id": "48549", "trust": 1.1 }, { "db": "SECUNIA", "id": "54971", "trust": 1.1 }, { "db": "SECUNIA", "id": "55115", "trust": 1.1 }, { "db": "BID", "id": "51200", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-001003", "trust": 0.8 }, { "db": "SECUNIA", "id": "47643", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "2012", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2011-4858", "trust": 0.1 }, { "db": "HITACHI", "id": "HS12-002", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108860", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114139", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111783", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112906", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110084", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109272", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109367", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109274", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "PACKETSTORM", "id": "108860" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" }, { 
"db": "PACKETSTORM", "id": "109367" }, { "db": "PACKETSTORM", "id": "109274" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "id": "VAR-201201-0259", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.26205936 }, "last_update_date": "2024-11-29T22:15:39.169000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Changelog", "trust": 0.8, "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html" }, { "title": "HS12-019", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-019/index.html" }, { "title": "HS12-003", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-003/index.html" }, { "title": "1626697", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" }, { "title": "4034373", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" }, { "title": "NV12-003", "trust": 0.8, "url": "http://www.nec.co.jp/security-info/secinfo/nv12-003.html" }, { "title": "Bug 750521", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521" }, { "title": "Multiple vulnerabilities in Oracle Java Web Console - oracle_java", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java" }, { "title": "Multiple vulnerabilities in Oracle Java Web Console - oracle_java1", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1" }, { "title": "Multiple Denial of Service (DoS) vulnerabilities in Apache Tomcat", "trust": 0.8, "url": 
"https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos" }, { "title": "CY12-02-006", "trust": 0.8, "url": "http://cs.cybozu.co.jp/information/20120224up08.php" }, { "title": "interstage_as_201201", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201201.html" }, { "title": "HS12-019", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-019/index.html" }, { "title": "HS12-003", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-003/index.html" }, { "title": "\u3010iStorage M\u30b7\u30ea\u30fc\u30ba\u3011WebSAM Storage VMware vCenter Plug-inV1.1\u304c\u4f7f\u7528\u3057\u3066\u3044\u308bApache Tomcat\u8106\u5f31\u6027\u554f\u984c\u306e\u5bfe\u51e6\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.support.nec.co.jp/View.aspx?id=3140100906" }, { "title": "WebOTX Web\u30b3\u30f3\u30c6\u30ca \u306e\u30cf\u30c3\u30b7\u30e5\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\uff08CVE-2011-4858\uff09\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "https://www.support.nec.co.jp/View.aspx?id=3010100358" }, { "title": "InfoCage PC\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 - \u91cd\u8981\u306a\u304a\u77e5\u3089\u305b", "trust": 0.8, "url": "http://www.nec.co.jp/cced/infocage/info/pc_security_news120329.html" }, { "title": "Red Hat: Moderate: tomcat6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120475 - Security Advisory" }, { "title": "Red Hat: Moderate: tomcat5 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120474 - Security Advisory" }, { "title": "Red Hat: Important: jbossweb security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120074 - Security Advisory" }, { "title": "Red Hat: Important: jbossweb security update", 
"trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120076 - Security Advisory" }, { "title": "Ubuntu Security Notice: tomcat6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1359-1" }, { "title": "Red Hat: Moderate: tomcat5 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120680 - Security Advisory" }, { "title": "Red Hat: Moderate: tomcat6 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120682 - Security Advisory" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2011-4084 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "trust": 1.9, "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "trust": 1.9, "url": "http://www.kb.cert.org/vuls/id/903934" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2012-0074.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2012-0325.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2012-0078.html" }, { "trust": 1.1, "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=750521" }, { "trust": 1.1, "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html" }, { "trust": 1.1, "url": "https://github.com/firefart/hashcollision-dos-poc/blob/master/hashtablepoc.py" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2" }, { "trust": 1.1, "url": "http://www.debian.org/security/2012/dsa-2401" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48791" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48790" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/54971" }, { "trust": 1.1, "url": "http://secunia.com/advisories/55115" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0089.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0406.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0075.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0076.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0077.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/51200" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18886" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48549" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2" }, { "trust": 1.0, "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4efb9800.5010106%40apache.org%3e" }, { "trust": 0.8, "url": "http://www.cs.rice.edu/~scrosby/hash/crosbywallach_usenixsec2003.pdf" }, { "trust": 0.8, "url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx" }, { "trust": 0.8, "url": "http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx" }, { "trust": 0.8, "url": 
"http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4858" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu903934" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4858" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4858" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2011-4858.html" }, { "trust": 0.6, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2012-0022.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0022" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-5063.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-2526.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-5064.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-1184.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-5062.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": 
"https://www.redhat.com/security/data/cve/cve-2011-4610.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4610" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3375" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "http://tomcat.apache.org/security-6.html" }, { "trust": 0.2, "url": "https://docs.redhat.com/docs/en-us/index.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4efb9800.5010106@apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0475" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2011-4084" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1359-1/" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/2012/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=24901" }, { "trust": 0.1, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-002/index.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47643" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47643/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47643/" }, { "trust": 
0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0033" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0781" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2729" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2902" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5062" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0534" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0013" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5063" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1582" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4172" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5064" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4312" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1088" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0580" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2901" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1184" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2204" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5515" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0022" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2693" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1088" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4312" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4858" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2227" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2481" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5515" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3190" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3375" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201206-24.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1582" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1419" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0475.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-2204.html" }, { "trust": 0.1, "url": "https://issues.jboss.org/browse/jbpapp-6852" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3375.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3190.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0682.html" }, { "trust": 0.1, "url": "https://issues.jboss.org/browse/jbpapp-6133" }, { "trust": 0.1, "url": "https://issues.jboss.org/browse/jbpapp-4873" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=securitypatches\u0026version=5.2.0" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=soaplatform\u0026downloadtype=securitypatches\u0026version=5.2.0+ga" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jbportal\u0026downloadtype=securitypatches\u0026version=5.2.0" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2011-4085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1484" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jbportal\u0026version=4.3+cp07" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1484.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0091.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-4085.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=communications.platform\u0026downloadtype=distributions" } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "PACKETSTORM", "id": "108860" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" }, { "db": "PACKETSTORM", "id": "109367" }, { "db": "PACKETSTORM", "id": "109274" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "PACKETSTORM", "id": "108860" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" }, { "db": "PACKETSTORM", "id": "109367" }, { "db": "PACKETSTORM", "id": "109274" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": 
[ { "date": "2011-12-28T00:00:00", "db": "CERT/CC", "id": "VU#903934" }, { "date": "2012-01-05T00:00:00", "db": "VULMON", "id": "CVE-2011-4858" }, { "date": "2012-01-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "date": "2012-01-20T08:20:03", "db": "PACKETSTORM", "id": "108860" }, { "date": "2012-06-24T23:54:31", "db": "PACKETSTORM", "id": "114139" }, { "date": "2012-04-12T03:14:12", "db": "PACKETSTORM", "id": "111783" }, { "date": "2012-05-22T00:21:41", "db": "PACKETSTORM", "id": "112906" }, { "date": "2012-02-23T04:44:48", "db": "PACKETSTORM", "id": "110084" }, { "date": "2012-02-01T02:55:02", "db": "PACKETSTORM", "id": "109272" }, { "date": "2012-02-03T00:18:35", "db": "PACKETSTORM", "id": "109367" }, { "date": "2012-02-01T02:55:27", "db": "PACKETSTORM", "id": "109274" }, { "date": "2012-01-05T19:55:01.033000", "db": "NVD", "id": "CVE-2011-4858" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "CERT/CC", "id": "VU#903934" }, { "date": "2018-01-09T00:00:00", "db": "VULMON", "id": "CVE-2011-4858" }, { "date": "2013-03-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "date": "2024-11-21T01:33:07.977000", "db": "NVD", "id": "CVE-2011-4858" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hash table implementations vulnerable to algorithmic complexity 
attacks", "sources": [ { "db": "CERT/CC", "id": "VU#903934" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "arbitrary", "sources": [ { "db": "PACKETSTORM", "id": "114139" } ], "trust": 0.1 } }
var-200705-0681
Vulnerability from variot
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer". Apache is prone to multiple denial-of-service vulnerabilities. An attacker with the ability to execute arbitrary server-side script code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.
A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service when a threaded MPM is in use (CVE-2007-1863). A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated (CVE-2007-3304).
Updated packages have been patched to prevent the above issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
Updated Packages:
Mandriva Linux 2007.0: 5f906bba3e1195f5ffbc3fcb2a6bde38 2007.0/i586/apache-base-2.2.3-1.1mdv2007.0.i586.rpm 83a4844cd98ef203958796ce280a71b2 2007.0/i586/apache-devel-2.2.3-1.1mdv2007.0.i586.rpm 2a6853cad61ca0548715486c5d4c8a23 2007.0/i586/apache-htcacheclean-2.2.3-1.1mdv2007.0.i586.rpm bebbc850c030be2ef87ce12d420fb825 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.i586.rpm 9e08e4738b304aab4f90f4f18aa5da45 2007.0/i586/apache-mod_cache-2.2.3-1.1mdv2007.0.i586.rpm 989d0538f7882277053f6d4c89ca581c 2007.0/i586/apache-mod_dav-2.2.3-1.1mdv2007.0.i586.rpm c1c0fc53dd811dd6176800226574efbf 2007.0/i586/apache-mod_dbd-2.2.3-1.1mdv2007.0.i586.rpm e68509c01d66b9d42e676e7974360154 2007.0/i586/apache-mod_deflate-2.2.3-1.1mdv2007.0.i586.rpm 5596cb5359b7919125fc10be83598445 2007.0/i586/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.i586.rpm d71b54240667224fd7da7fec4693c30b 2007.0/i586/apache-mod_file_cache-2.2.3-1.1mdv2007.0.i586.rpm 3571cab041e622f9399c57f377ac3fe3 2007.0/i586/apache-mod_ldap-2.2.3-1.1mdv2007.0.i586.rpm 598fdd7aad80fdc557142c5e9fc00677 2007.0/i586/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.i586.rpm f4ec774478f5d198ad2e3d3384a5ad83 2007.0/i586/apache-mod_proxy-2.2.3-1.1mdv2007.0.i586.rpm ab7726290be59f03a5ade2029a2b02f8 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.i586.rpm d72ab4173d51da4a0c1df63dbb52ccf5 2007.0/i586/apache-mod_ssl-2.2.3-1.1mdv2007.0.i586.rpm fcde0ec8b64d83402b53f926ec7fa835 2007.0/i586/apache-mod_userdir-2.2.3-1.1mdv2007.0.i586.rpm 58a0628d42d23c9aa5df6567789fad40 2007.0/i586/apache-modules-2.2.3-1.1mdv2007.0.i586.rpm 011487e1afdfb400419303182e5320c7 2007.0/i586/apache-mpm-prefork-2.2.3-1.1mdv2007.0.i586.rpm 7a755b22020153b44f8d00ba153d3d97 2007.0/i586/apache-mpm-worker-2.2.3-1.1mdv2007.0.i586.rpm ef6e11f0d26db492bc9fe83a2dbf53d7 2007.0/i586/apache-source-2.2.3-1.1mdv2007.0.i586.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 7c5408879073413fb27f2d40854813d0 2007.0/x86_64/apache-base-2.2.3-1.1mdv2007.0.x86_64.rpm c720f2a661616b0bf35bc353d14b9b3b 2007.0/x86_64/apache-devel-2.2.3-1.1mdv2007.0.x86_64.rpm 12164d6d70972cb9ed2fb6581e212bf1 2007.0/x86_64/apache-htcacheclean-2.2.3-1.1mdv2007.0.x86_64.rpm 5278f8d03ce9d59ec4929d4362b04bbe 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm 40c83185db12d04f4953a374b329ebb3 2007.0/x86_64/apache-mod_cache-2.2.3-1.1mdv2007.0.x86_64.rpm fe37fb1d4378c4bbcfd8d63bd57c3d4d 2007.0/x86_64/apache-mod_dav-2.2.3-1.1mdv2007.0.x86_64.rpm 0830bc5d1718a533e3358a45975596ce 2007.0/x86_64/apache-mod_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm e18c3a6a322258e73b87170766aa7882 2007.0/x86_64/apache-mod_deflate-2.2.3-1.1mdv2007.0.x86_64.rpm fc8c27067e6b04bd549fe0b95579ebaa 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.x86_64.rpm b31385db2199fd33eeb624c80e9d882a 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 08123786649152eab65e123c75db8e66 2007.0/x86_64/apache-mod_ldap-2.2.3-1.1mdv2007.0.x86_64.rpm 7de4b739d93683648209dcdc69dd5473 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 85fde2923d945f3849d77f806b8bc55d 2007.0/x86_64/apache-mod_proxy-2.2.3-1.1mdv2007.0.x86_64.rpm b68991944f2989b6d3f89f7272239d76 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.x86_64.rpm 19871683773211daa721957dc5dd565d 2007.0/x86_64/apache-mod_ssl-2.2.3-1.1mdv2007.0.x86_64.rpm 5cf2a97219d6789e4572da1ecddedf16 2007.0/x86_64/apache-mod_userdir-2.2.3-1.1mdv2007.0.x86_64.rpm feede872aaf0ca4bbd86ffe24455e9cd 2007.0/x86_64/apache-modules-2.2.3-1.1mdv2007.0.x86_64.rpm a00a35d4eba8f538cea741b2fc4079f4 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.1mdv2007.0.x86_64.rpm da86251e4417f068d2cafed30e380779 2007.0/x86_64/apache-mpm-worker-2.2.3-1.1mdv2007.0.x86_64.rpm ceb7fd32d3ad933ab6a914085f858911 2007.0/x86_64/apache-source-2.2.3-1.1mdv2007.0.x86_64.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.1: 9daef91724ded29a3c76e74c261f7766 2007.1/i586/apache-base-2.2.4-6.2mdv2007.1.i586.rpm 9288ee938a0853d6e0072f839c68c1c2 2007.1/i586/apache-devel-2.2.4-6.2mdv2007.1.i586.rpm 613a986f9f654f1ce3432ee6f6db2391 2007.1/i586/apache-htcacheclean-2.2.4-6.2mdv2007.1.i586.rpm 8e0eb376d851d1ddba8850d4233fc3d3 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.i586.rpm 24de68668efa15e4abaaffd690837256 2007.1/i586/apache-mod_cache-2.2.4-6.2mdv2007.1.i586.rpm 288866908d43959c4b31c368346ba65d 2007.1/i586/apache-mod_dav-2.2.4-6.2mdv2007.1.i586.rpm d25838ec739d7a0037148f573262f81c 2007.1/i586/apache-mod_dbd-2.2.4-6.2mdv2007.1.i586.rpm ebad14bcccb73c8f8a27e98a6982a6f1 2007.1/i586/apache-mod_deflate-2.2.4-6.2mdv2007.1.i586.rpm 810d445f2146848b582e798e368b32ab 2007.1/i586/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.i586.rpm 307de93279683b5b3e76ee6d971781cc 2007.1/i586/apache-mod_file_cache-2.2.4-6.2mdv2007.1.i586.rpm f59890e1bc38cfa598a4100705cf4cc6 2007.1/i586/apache-mod_ldap-2.2.4-6.2mdv2007.1.i586.rpm 098a05d1cbaa6bfa2d2707896dd6366c 2007.1/i586/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.i586.rpm 6504f5e57440ff07da16de3d928898f6 2007.1/i586/apache-mod_proxy-2.2.4-6.2mdv2007.1.i586.rpm adc3a611a780e23178e93a6cedf135d4 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.i586.rpm 659508a67fbe28b5dd9f861384ca1cf1 2007.1/i586/apache-mod_ssl-2.2.4-6.2mdv2007.1.i586.rpm 604eb70716d7e7b6bc6e8399cc4d9f5c 2007.1/i586/apache-mod_userdir-2.2.4-6.2mdv2007.1.i586.rpm 750d7cb431356abc88fe7a031f872b04 2007.1/i586/apache-modules-2.2.4-6.2mdv2007.1.i586.rpm 210be718db221db891452f05a001ee4e 2007.1/i586/apache-mpm-event-2.2.4-6.2mdv2007.1.i586.rpm 482e3d3af6756108c3e9a26ec2a8ac56 2007.1/i586/apache-mpm-itk-2.2.4-6.2mdv2007.1.i586.rpm b76ff4578c127ebd248b21a85a31140a 2007.1/i586/apache-mpm-prefork-2.2.4-6.2mdv2007.1.i586.rpm 2484dee8a4d4e7604a69abcd1b443954 2007.1/i586/apache-mpm-worker-2.2.4-6.2mdv2007.1.i586.rpm 9823f9b97e1829df97999494c3a3d453 
2007.1/i586/apache-source-2.2.4-6.2mdv2007.1.i586.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 4d043339268bff11fa07897ee3dc2988 2007.1/x86_64/apache-base-2.2.4-6.2mdv2007.1.x86_64.rpm afbae73f408fa95c9e4d25e3aa39583d 2007.1/x86_64/apache-devel-2.2.4-6.2mdv2007.1.x86_64.rpm d92c22ff28fcd919b3a8525f753066c3 2007.1/x86_64/apache-htcacheclean-2.2.4-6.2mdv2007.1.x86_64.rpm abe81d2effd6f4975accbdc8d25d089e 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 480d5c31af3289f26953a691f92e2a51 2007.1/x86_64/apache-mod_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 3feae93ade4038e67fcbaa691f2a74aa 2007.1/x86_64/apache-mod_dav-2.2.4-6.2mdv2007.1.x86_64.rpm b60eead7fe808fbc5eff6cb34f1de80b 2007.1/x86_64/apache-mod_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 023afee3221da629fd8e1d34006b7463 2007.1/x86_64/apache-mod_deflate-2.2.4-6.2mdv2007.1.x86_64.rpm 1180446c8cf65c196352006d6da00e17 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 0e8c2dfc0e42c23b0afbada9f8868bb6 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 32aa45f45b8893d6c23c6892b7ad7e62 2007.1/x86_64/apache-mod_ldap-2.2.4-6.2mdv2007.1.x86_64.rpm 15c20ffb5fdc8ab2a6fa92157c9f0536 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.x86_64.rpm f91fd6552f480eb36d030bb2e91d30b4 2007.1/x86_64/apache-mod_proxy-2.2.4-6.2mdv2007.1.x86_64.rpm 2c9d1e35af7adebaeb6284bf5da4dd5f 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.x86_64.rpm caa59aaba47c89d20e799a3f02271afd 2007.1/x86_64/apache-mod_ssl-2.2.4-6.2mdv2007.1.x86_64.rpm 8ac44f8c409ea29492a3acdc1eb44c7f 2007.1/x86_64/apache-mod_userdir-2.2.4-6.2mdv2007.1.x86_64.rpm 0f2198ec988390ff3b7843a1e7090517 2007.1/x86_64/apache-modules-2.2.4-6.2mdv2007.1.x86_64.rpm 2548664fde736f25acf59f46c847d1ff 2007.1/x86_64/apache-mpm-event-2.2.4-6.2mdv2007.1.x86_64.rpm 2434c402bae11969ddf5281f2f042d24 2007.1/x86_64/apache-mpm-itk-2.2.4-6.2mdv2007.1.x86_64.rpm 8a06ecd19726db033496a042c6a6be2f 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.2mdv2007.1.x86_64.rpm e8d339c397409391f3fb36f704c38c6c 
2007.1/x86_64/apache-mpm-worker-2.2.4-6.2mdv2007.1.x86_64.rpm 8a6f923428242f7aa1b4d489739e241b 2007.1/x86_64/apache-source-2.2.4-6.2mdv2007.1.x86_64.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm
Corporate 4.0: 74beb8d1579ce5d5f12c8b15981b6e63 corporate/4.0/i586/apache-base-2.2.3-1.1.20060mlcs4.i586.rpm 326a8259b0d99bc2938bfa6cd85743e7 corporate/4.0/i586/apache-devel-2.2.3-1.1.20060mlcs4.i586.rpm ca305d0928255a65814af781b345a056 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.1.20060mlcs4.i586.rpm 48c2b6a5ee11c3f011b1f6dc60a86479 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.i586.rpm b81a3077cb88a34af43a61ad6f2559ea corporate/4.0/i586/apache-mod_cache-2.2.3-1.1.20060mlcs4.i586.rpm ba5aee0b2a86182560e54f0cf4d360bd corporate/4.0/i586/apache-mod_dav-2.2.3-1.1.20060mlcs4.i586.rpm b696352106c5a0d1697385523455c767 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.1.20060mlcs4.i586.rpm e79f271f000dd7f3a009cca70fd7e4a2 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.1.20060mlcs4.i586.rpm c7bdb987f61099b64e751639ca02dd8a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.i586.rpm b0303fcc2f43bdcf25419dde56df2297 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.i586.rpm f818ff0f890abe230c92069f9d256e5c corporate/4.0/i586/apache-mod_ldap-2.2.3-1.1.20060mlcs4.i586.rpm 4247be23e42c368b3880c7ab5ac13c89 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.i586.rpm e50f1749935c96d3364bdce9af5d22bf corporate/4.0/i586/apache-mod_proxy-2.2.3-1.1.20060mlcs4.i586.rpm a619b4e0130d1db7f77a790fee0917a6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.i586.rpm 8170e0e77256f08d07b02119400a19f9 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.1.20060mlcs4.i586.rpm 4a5d94d4f94295efe48266a1d529486e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.1.20060mlcs4.i586.rpm 7c0c27197d6b44115366eac339c424f2 corporate/4.0/i586/apache-modules-2.2.3-1.1.20060mlcs4.i586.rpm 56351aafc723fdea2f2fac22d5046944 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.i586.rpm ccbb2f27b762b5dd564dc7a00aac6db0 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.1.20060mlcs4.i586.rpm a65137ff29ed6a1da1f894d19997faec 
corporate/4.0/i586/apache-source-2.2.3-1.1.20060mlcs4.i586.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 7a9b4f5b3fcf2cac67e4c38022ee2441 corporate/4.0/x86_64/apache-base-2.2.3-1.1.20060mlcs4.x86_64.rpm 5604ba341d957fbe6182bd2eb29a8e9d corporate/4.0/x86_64/apache-devel-2.2.3-1.1.20060mlcs4.x86_64.rpm 8983bda4bbe3b58f9c6c317531eb52b7 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.1.20060mlcs4.x86_64.rpm 9baf252cbc8ef8a093ed25e7a0daf25d corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm 26cc58bcbfd25a83c15051c8f590a36d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 941a32aea1b1b3bca1ae343d5d925892 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.1.20060mlcs4.x86_64.rpm 1d79a7b921ce150de88e22ffbaba4b31 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm d80b9ffca3dd024e73d069e55ba7fa3e corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.1.20060mlcs4.x86_64.rpm 7a7a11645680a7bee9cf88b166b0d32f corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm fcc85c0f9faf1fa08a01f3d4ecb68033 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 55789d16ff565bcd31dfa522435d4d4b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.1.20060mlcs4.x86_64.rpm 7ee708824d65878b71ede35e139ac94d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm e8579835f848cade641da14354196497 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.1.20060mlcs4.x86_64.rpm 6a1e70a638aecf603f3bc2485d14bd78 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.x86_64.rpm 212f40574d0821b909972ebc36fb697a corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.1.20060mlcs4.x86_64.rpm 32a8dd886e42c8093be05c9ee4d31855 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.1.20060mlcs4.x86_64.rpm 265bccd86baa7fca942f1c6d4d694523 corporate/4.0/x86_64/apache-modules-2.2.3-1.1.20060mlcs4.x86_64.rpm babdb585a6c754f23d91c41fc844a5e2 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.x86_64.rpm 63274f5c5dc3897d0062f621b1c63e0e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.1.20060mlcs4.x86_64.rpm 
18782a1fcbcb760d36162ce830ac4cdd corporate/4.0/x86_64/apache-source-2.2.3-1.1.20060mlcs4.x86_64.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS Re00IyLecNs4MIGgsrv2qJE= =5EEm -----END PGP SIGNATURE-----
.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache / < 2.2.6 / *>= 2.0.59-r5, >= 2.2.6
Description
Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).
Impact
A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"
References
[ 1 ] CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 [ 2 ] CVE-2007-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862 [ 3 ] CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 [ 4 ] CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [ 5 ] CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 [ 6 ] CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01182588 Version: 1
HPSBUX02273 SSRT071476 rev. 1 - HP-UX running Apache, Remote Unauthorized Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-10 Last Updated: 2007-10-10
Potential Security Impact: Remote Unauthorized Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX Apache version 2.0.59. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2007-3847, CVE-2007-3304
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache 2.0.59.00
BACKGROUND
To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended action has been taken.
AFFECTED VERSIONS
For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision B.2.0.59.00.0 or subsequent restart Apache URL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com
For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01 hpuxwsAPACHE,revision=B.2.0.59.00
action: install revision B.2.0.59.00.0 or subsequent restart Apache URL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability.
OS Release Depot name MD5 Sum
B.11.11 (IPv4) HPUXWSA-B218-01-1111ipv4.depot eb3bb933baac0f05e1e0809ef1e84eb2
B.11.11 (IPv6) HPUXWSA-B218-01-1111ipv6.depot 540a56b155699336bcbfac0eaf87e3ce
B.11.23 PA-32 HPUXWSA-B218-01-1123-32.depot 2900a0cbea01b6905dc768680fbd5381
B.11.23 IA-64 HPUXWSA-B218-01-1123-64.depot 3be084d96e8a509692e37c71c0184014
B.11.31 PA-32 HPUXWSA-B218-01-1131-32.depot 861122eef70f1b53d68c5adafc64cdb5
B.11.31 IA-64 HPUXWSA-B218-01-1131-64.depot 8dc57222257fe27fb5994da16e91f9a4
The updates are available from: ftp://ssrt1476:ssrt1476@hprc.external.hp.com/ ftp://ssrt1476:ssrt1476@192.170.19.100/
MANUAL ACTIONS: Yes - Update Install Apache 2.0.59.00.0 or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 10 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux
TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRw4UMuAfOvwtKn1ZEQLDowCgnVZZuBkuV66atvv6mh6sxARqYYkAmQEy 7CP41v96ckMOtfU4yeG76pv2 =VMzd -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0010 Synopsis: VMware Hosted products update libpng and Apache HTTP Server Issue date: 2009-08-20 Updated on: 2009-08-20 (initial release of advisory) CVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863 CVE-2006-5752 CVE-2007-3304 CVE-2007-6388 CVE-2007-5000 CVE-2008-0005
- Summary
Updated VMware Hosted products address security issues in libpng and the Apache HTTP Server.
- Relevant releases
VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier
- Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any 6.5.3 build 185404 or later
Player 2.5.x any 2.5.3 build 185404 or later
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b. Apache HTTP Server updated to 2.0.63
The new version of ACE updates the Apache HTTP Server on Windows
hosts to version 2.0.63 which addresses multiple security issues
that existed in the previous versions of this server.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any not affected
Player 2.5.x any not affected
ACE 2.5.x Windows 2.5.3 build 185404 or later
ACE 2.5.x Linux update Apache on host system *
Server 2.x any not affected
Server 1.x any not affected
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host. Update the Apache HTTP Server on the host system to version
2.0.63 in order to remediate the vulnerabilities listed above.
- Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e
Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5
Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb
Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542
VMware Player 2.5.3
http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html
Player for Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e
Player for Linux (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b
Player for Linux - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974
Player for Linux - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4
VMware ACE 2.5.3
http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1
VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
- Change log
2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved. =========================================================== Ubuntu Security Notice USN-499-1 August 16, 2007 apache2 vulnerabilities CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.2 apache2-mpm-prefork 2.0.55-4ubuntu2.2 apache2-mpm-worker 2.0.55-4ubuntu2.2
Ubuntu 6.10: apache2-common 2.0.55-4ubuntu4.1 apache2-mpm-prefork 2.0.55-4ubuntu4.1 apache2-mpm-worker 2.0.55-4ubuntu4.1
Ubuntu 7.04: apache2-mpm-prefork 2.2.3-3.2ubuntu0.1 apache2-mpm-worker 2.2.3-3.2ubuntu0.1 apache2.2-common 2.2.3-3.2ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. (CVE-2006-5752)
Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863)
A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz
Size/MD5: 115882 e94e45574e3b131d3a9a0e07e193f1e5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc
Size/MD5: 1148 c2bc143625fbf8ca59fea300845c5a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb
Size/MD5: 2124364 9b8ca5d5757c63f5ee6bbd507f0a8357
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 833000 be4c7770c725f5f4401ca06d1347211f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 227832 41c12dfe84f109e6544a33e4e1d791a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 222934 7e4d072bad27239e366a6eda94c09190
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 227576 8fc59f78a3fa0e5d6dac81e875039bda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 171082 4318f93373b705563251f377ed398614
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 171860 257f4183d70be5a00546c39c5a18f108
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 93916 695cee55f91ceb9424abe31d8b6ee1dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 35902 00c1082a77ff1d863f72874c4472a26d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 285336 0a8510634b21f56f0d9619aa6fc9cec9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 143952 d75f83ac219bce95a15a8f44b82b8ea7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 786186 4e78fa0d438867194f66b11b4eb6fc2e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 202448 74cf60884e18c1fc93f157010a15b12c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 198456 209a0b92995fec453ed4c2c181e3e555
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 202038 6cbd437caf993fa2b2b38369cd3d5863
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 171074 0a5a26aa58af7aa2d51d1cf5d7c543d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 171848 af9ca78febc5bc0c7936296dab958349
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 91884 2857d60b507b28c736f83815c9f3d1b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 35906 202b5b233af0d26e29ca7302cf7fd04c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 261418 c90342706ac26682d15032a5ba5cb51a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 131850 951a4573901bc2f10d5febf940d57516
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 859126 afdd8642ca447fc9dc70dfed92be0fa6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 219898 6d9c9f924d2356bf9d3438a280870a7d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 215602 dd554132cdea0f860e01cf5d4e0dbc7c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 219378 7a1f4b325dacef287c901fa66680c04e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 171096 a0e2547d38ef1b84dc419d69e42ffa0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 171864 200ab662b2c13786658486df37fda881
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 103628 ae36642fbd4698bb362fa4bf9417b0e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 35910 358027282f2f19451d3aa784dc0474dc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 280950 0d9b56ec076da25e2a03f6d3c6445057
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 141074 f5d3d5e0e5911e0c0156ae55af50f87b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 803440 d66da6a91c08956c3c5062668349ef41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 209970 57f0a8f823a4502ee9a2608e3181cc81
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 205582 1dcfb0df796e85c409f614544ea589fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 209330 6bf7ae824eea35d3487febef384fce91
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 171080 1088337f4abcb6c8f65751b6120c2307
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 171868 5cda04cd73a9c6d8dfc18abd55c09ebd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 92972 850ab3bb0904e8fe9b6255c42ba7f84c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 35904 7af260b95c4faa17ef34810fed888caf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 267550 08182a8a2cab00fc0e6bca2cccf5165f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 129760 a60606c6d2f12209b0bdae997be4a13f
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz
Size/MD5: 116265 2732761b18dfb3c2cd1aa0b54c2cf623
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc
Size/MD5: 1148 4b9c4612469c521db0c5fdbe2f6b9b25
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb
Size/MD5: 2124550 8d5c30342b35f9fd595fb09d7659b6fc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 836342 2c4ba483b0b20fdc2d43819109177941
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 227390 e61cc1998f5b8f2c44dce587e59d288a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 222376 6bdbff7f7f80fd464d1e3ec52d6e7171
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 226848 4356b4caf2b40f364c8893c41b9f9355
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 171304 c4395af051e876228541ef5b8037d979
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 172074 99dadc4ad0f0947f9368d89f4589d95a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 94204 30f3bb8c72575fe93940ecc730b8e4b6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 36152 ea3cbefcbee7e2f6e5555edb44733ad9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 286544 d555931490d44d93bec31c4bfc19ed12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 145014 3e06ceb0a55598d82f9f781c44e210b3
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 806938 050bb7665332d3761e1a8e47939fa507
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 209556 ee530b24aba8838001ebb6c901bc90cd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 205718 b52a17c63909eae3c49bad0ab1958f4b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 209158 1844fa5e09224a90944f8b886ddb5a2a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 171296 9de8aba41f7e3d60f41536ca712adebb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 172078 01ccd554177364747b08e2933f121d2c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 93240 4573597317416869646eb2ea42cd0945
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 36150 77666d65bade6a91bd58826c79f11dc9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 266390 a3963d8e76f6865404f7fadb47880c87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 137604 387f6bcdaa58dbbe53082241b3231844
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 865372 27d7f1de1fcb2114d3f3b0a774302488
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 221542 1ae8fa5cf4b77f3b2aa054e2886e587e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 217044 9134983c40107f79fcac8d1eacbc7117
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 221324 b435dc09c63ecbcd564a0923a8f07350
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 171296 6d2a0abfb7a1daaeae56559eeb322dcb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 172064 ecc2037409554ea43c5a6848aa510c76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 104654 d0957d8df044c4a34437241792ed97d1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 36148 34e102e1d2e1c6a6f31801dfb98cb82a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 284548 c8f325ccc42cbe77191d4ddd9abc2a4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 144238 82cfbfcec5fc4931078145af8947c035
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 811594 d8548e537fd81994bbb638e105dfbf8b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 212160 81cd0197ff89b79c967c1074ede9f8d7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 207870 5d80ed8dc39b0d4d59fccb747624a684
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 211578 9407383d85db831dab728b39cce9acc8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 171294 5e4d695a99bdc1fdfb0bfcef8b91d03d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 172064 06e3e765d799e281dba7329ff9d9e138
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 93796 1048b47b289fb2047fa9ac7ebbe94a57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 36150 0d106a177aa4271b1cfc0e96eec1a748
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 268444 3912123e7c71cc638132305ca89fe23b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 130626 f4444e0239c2da7d3c31e3486606f95a
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz
Size/MD5: 112120 f7b1a17718aed7ca73da3a6d7aad06b0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc
Size/MD5: 1128 e82b1bee591fff50d6673ed1a443e543
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 2199184 c03756f87cb164213428532f70e0c198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 272064 5be351f491f8d1aae9a270d1214e93e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 6674104 bdbabf8f478562f0e003737e977ffc7b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 38668 9f0c7c01e8441285c084002eb4619065
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 449624 1b54a8000c40eaaa0f9e31527b9bb180
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 445346 d15625641a3247fbf5d9d9b9aed34968
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 449208 55f39c28a4de98d53f80231aeb7d6c59
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 403570 0042c75be8a2d128d62b79398deaefa8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 404138 929772b95ea67f338ad423a65b2b7011
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 341312 906819b0de863209575aa65d39a594a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 971462 f85e32c5f6437ce149553aee97ffd934
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 428856 f506f2a9dd2dbd5c2d3f72a476cc3537
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 432314 a5a11947ad8cf14604efa7ddcfd20bfe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 403574 da84a3a99276f14a11ac892ce7eee170
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 404138 0fdd43a53e6957aa3a348a7bd9c876f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 340396 88a0ddbc58335416d91c9f10adc9d5f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 929716 138d58487b882e6002e3c5e4a9489add
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 451530 ddc437092ef642fcd396713cd1972f4c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 446960 af1b667708e062f81bca4e995355394d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 450940 ed9f31ec5045a88446115987c6e97655
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 403574 65801ab51335a15dc370b9341a0e50dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 404146 fd35e65fadd836feb0190b209947b466
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 360518 b74bc9eead429cd8f0ebecd6a94e5edb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 1073812 376fe5b1ee383a6d870eea5dd3c6a704
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 434408 c70ef2e9aed191fe53886ceb3725596e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 430574 7b690896da23a151ee5e106d596c1143
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 433918 cc01edfcfc673ba9a86c83fcc66e6870
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 403568 a7660cff70394403c764cf8f30c7298a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 404136 b8587d5eba0be59a6576d6cf645b2122
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 343370 1572a001a612add57d23350210ac1736
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 938586 b74a91fcfbb0503355e94981310bd1ce
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0681", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "6.1.0.13" }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "6.0.2.23" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" 
}, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "6.06" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "1.3.39" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.6" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "7" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "6.10" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "7.04" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.0.61" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "1.3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.0.59 and earlier" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "1.3.37 and earlier" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "interstage application 
server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (es)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (as)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.0.47" }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.2.4 and earlier" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (sparc)" }, { "model": "trendmicro interscan web security suite", "scope": "eq", "trust": 0.8, "vendor": "trend micro", "version": "1.1 solaris edition" }, { "model": "linux advanced workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1" }, { "model": "http server", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "version" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (x86)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (ws)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red 
hat", "version": "4 (as)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "1.3.28.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (es)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (ws)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.59" }, { "model": "http server", "scope": "eq", "trust": 
0.6, "vendor": "apache", "version": "2.2.4" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "1.3.37" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.2" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.1" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0x86" }, { "model": "server", "scope": 
"eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0.0x64" }, { "model": "fuji", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" }, { "model": "appliance server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "2.0" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0.5" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "2.2" }, { "model": "operating system enterprise server", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "2.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "linux enterprise sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.3" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 8 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 8 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "propack sp6", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "3.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "novell linux pos", "scope": "eq", 
"trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "novell linux desktop sdk", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux professional oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux personal oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)4.2" }, { "model": "network proxy (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3)4.2" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux ws ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux es ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "desktop", "scope": "eq", "trust": 0.3, 
"vendor": "redhat", "version": "4.0" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "advanced workstation for the itanium processor ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "advanced workstation for the itanium processor", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "hat red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5.0" }, { "model": "hat network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "3)4.2" }, { "model": "hat network proxy (for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4)5.0" }, { "model": "hat network proxy (for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4)4.2" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "3" }, { "model": "hat enterprise linux as ia64", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "2.1" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "2.1" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": 
"2007.0" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", 
"version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage apworks enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server plus", 
"scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "ses", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "messaging storage server mm3.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "messaging 
storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "messaging storage server", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "message networking mn", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "message networking", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "intuity lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "intuity lx", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.3" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "emmc", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.021" }, { "model": "emmc", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.017" }, { "model": "emmc", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0.1" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", 
"version": "4.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "software foundation mpm prefork", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.37" }, { "model": "software foundation apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "software foundation apache 2.3.38-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "software foundation apache 2.0.60-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null } ], "sources": [ { "db": "BID", "id": "24215" }, { "db": "JVNDB", "id": "JVNDB-2007-000477" }, { "db": "CNNVD", "id": "CNNVD-200706-316" }, { "db": "NVD", "id": "CVE-2007-3304" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true 
}, { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000477" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Blazej Miga", "sources": [ { "db": "CNNVD", "id": "CNNVD-200706-316" } ], "trust": 0.6 }, "cve": "CVE-2007-3304", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "exploitabilityScore": 3.4, "id": "CVE-2007-3304", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-3304", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2007-3304", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200706-316", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2007-3304", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-3304" }, { "db": "JVNDB", "id": "JVNDB-2007-000477" }, { "db": "CNNVD", "id": "CNNVD-200706-316" }, { "db": "NVD", "id": "CVE-2007-3304" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\". Apache is prone to multiple denial-of-service vulnerabilities. 
\nAn attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible. \n \n A vulnerability was found in the Apache mod_cache module that could\n cause the httpd server child process to crash if it was sent a\n carefully crafted request. This could lead to a denial of service\n if using a threaded MPM (CVE-2007-1863). A local attacker with the\n ability to run scripts on the server could manipulate the scoreboard\n and cause arbitrary processes to be terminated (CVE-2007-3304). \n \n Updated packages have been patched to prevent the above issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 5f906bba3e1195f5ffbc3fcb2a6bde38 2007.0/i586/apache-base-2.2.3-1.1mdv2007.0.i586.rpm\n 83a4844cd98ef203958796ce280a71b2 2007.0/i586/apache-devel-2.2.3-1.1mdv2007.0.i586.rpm\n 2a6853cad61ca0548715486c5d4c8a23 2007.0/i586/apache-htcacheclean-2.2.3-1.1mdv2007.0.i586.rpm\n bebbc850c030be2ef87ce12d420fb825 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.i586.rpm\n 9e08e4738b304aab4f90f4f18aa5da45 2007.0/i586/apache-mod_cache-2.2.3-1.1mdv2007.0.i586.rpm\n 989d0538f7882277053f6d4c89ca581c 2007.0/i586/apache-mod_dav-2.2.3-1.1mdv2007.0.i586.rpm\n c1c0fc53dd811dd6176800226574efbf 2007.0/i586/apache-mod_dbd-2.2.3-1.1mdv2007.0.i586.rpm\n e68509c01d66b9d42e676e7974360154 2007.0/i586/apache-mod_deflate-2.2.3-1.1mdv2007.0.i586.rpm\n 5596cb5359b7919125fc10be83598445 2007.0/i586/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.i586.rpm\n d71b54240667224fd7da7fec4693c30b 
2007.0/i586/apache-mod_file_cache-2.2.3-1.1mdv2007.0.i586.rpm\n 3571cab041e622f9399c57f377ac3fe3 2007.0/i586/apache-mod_ldap-2.2.3-1.1mdv2007.0.i586.rpm\n 598fdd7aad80fdc557142c5e9fc00677 2007.0/i586/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.i586.rpm\n f4ec774478f5d198ad2e3d3384a5ad83 2007.0/i586/apache-mod_proxy-2.2.3-1.1mdv2007.0.i586.rpm\n ab7726290be59f03a5ade2029a2b02f8 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.i586.rpm\n d72ab4173d51da4a0c1df63dbb52ccf5 2007.0/i586/apache-mod_ssl-2.2.3-1.1mdv2007.0.i586.rpm\n fcde0ec8b64d83402b53f926ec7fa835 2007.0/i586/apache-mod_userdir-2.2.3-1.1mdv2007.0.i586.rpm\n 58a0628d42d23c9aa5df6567789fad40 2007.0/i586/apache-modules-2.2.3-1.1mdv2007.0.i586.rpm\n 011487e1afdfb400419303182e5320c7 2007.0/i586/apache-mpm-prefork-2.2.3-1.1mdv2007.0.i586.rpm\n 7a755b22020153b44f8d00ba153d3d97 2007.0/i586/apache-mpm-worker-2.2.3-1.1mdv2007.0.i586.rpm\n ef6e11f0d26db492bc9fe83a2dbf53d7 2007.0/i586/apache-source-2.2.3-1.1mdv2007.0.i586.rpm \n 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 7c5408879073413fb27f2d40854813d0 2007.0/x86_64/apache-base-2.2.3-1.1mdv2007.0.x86_64.rpm\n c720f2a661616b0bf35bc353d14b9b3b 2007.0/x86_64/apache-devel-2.2.3-1.1mdv2007.0.x86_64.rpm\n 12164d6d70972cb9ed2fb6581e212bf1 2007.0/x86_64/apache-htcacheclean-2.2.3-1.1mdv2007.0.x86_64.rpm\n 5278f8d03ce9d59ec4929d4362b04bbe 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm\n 40c83185db12d04f4953a374b329ebb3 2007.0/x86_64/apache-mod_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n fe37fb1d4378c4bbcfd8d63bd57c3d4d 2007.0/x86_64/apache-mod_dav-2.2.3-1.1mdv2007.0.x86_64.rpm\n 0830bc5d1718a533e3358a45975596ce 2007.0/x86_64/apache-mod_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm\n e18c3a6a322258e73b87170766aa7882 2007.0/x86_64/apache-mod_deflate-2.2.3-1.1mdv2007.0.x86_64.rpm\n fc8c27067e6b04bd549fe0b95579ebaa 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n 
b31385db2199fd33eeb624c80e9d882a 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n 08123786649152eab65e123c75db8e66 2007.0/x86_64/apache-mod_ldap-2.2.3-1.1mdv2007.0.x86_64.rpm\n 7de4b739d93683648209dcdc69dd5473 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n 85fde2923d945f3849d77f806b8bc55d 2007.0/x86_64/apache-mod_proxy-2.2.3-1.1mdv2007.0.x86_64.rpm\n b68991944f2989b6d3f89f7272239d76 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.x86_64.rpm\n 19871683773211daa721957dc5dd565d 2007.0/x86_64/apache-mod_ssl-2.2.3-1.1mdv2007.0.x86_64.rpm\n 5cf2a97219d6789e4572da1ecddedf16 2007.0/x86_64/apache-mod_userdir-2.2.3-1.1mdv2007.0.x86_64.rpm\n feede872aaf0ca4bbd86ffe24455e9cd 2007.0/x86_64/apache-modules-2.2.3-1.1mdv2007.0.x86_64.rpm\n a00a35d4eba8f538cea741b2fc4079f4 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.1mdv2007.0.x86_64.rpm\n da86251e4417f068d2cafed30e380779 2007.0/x86_64/apache-mpm-worker-2.2.3-1.1mdv2007.0.x86_64.rpm\n ceb7fd32d3ad933ab6a914085f858911 2007.0/x86_64/apache-source-2.2.3-1.1mdv2007.0.x86_64.rpm \n 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n 9daef91724ded29a3c76e74c261f7766 2007.1/i586/apache-base-2.2.4-6.2mdv2007.1.i586.rpm\n 9288ee938a0853d6e0072f839c68c1c2 2007.1/i586/apache-devel-2.2.4-6.2mdv2007.1.i586.rpm\n 613a986f9f654f1ce3432ee6f6db2391 2007.1/i586/apache-htcacheclean-2.2.4-6.2mdv2007.1.i586.rpm\n 8e0eb376d851d1ddba8850d4233fc3d3 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.i586.rpm\n 24de68668efa15e4abaaffd690837256 2007.1/i586/apache-mod_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 288866908d43959c4b31c368346ba65d 2007.1/i586/apache-mod_dav-2.2.4-6.2mdv2007.1.i586.rpm\n d25838ec739d7a0037148f573262f81c 2007.1/i586/apache-mod_dbd-2.2.4-6.2mdv2007.1.i586.rpm\n ebad14bcccb73c8f8a27e98a6982a6f1 2007.1/i586/apache-mod_deflate-2.2.4-6.2mdv2007.1.i586.rpm\n 810d445f2146848b582e798e368b32ab 
2007.1/i586/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 307de93279683b5b3e76ee6d971781cc 2007.1/i586/apache-mod_file_cache-2.2.4-6.2mdv2007.1.i586.rpm\n f59890e1bc38cfa598a4100705cf4cc6 2007.1/i586/apache-mod_ldap-2.2.4-6.2mdv2007.1.i586.rpm\n 098a05d1cbaa6bfa2d2707896dd6366c 2007.1/i586/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 6504f5e57440ff07da16de3d928898f6 2007.1/i586/apache-mod_proxy-2.2.4-6.2mdv2007.1.i586.rpm\n adc3a611a780e23178e93a6cedf135d4 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.i586.rpm\n 659508a67fbe28b5dd9f861384ca1cf1 2007.1/i586/apache-mod_ssl-2.2.4-6.2mdv2007.1.i586.rpm\n 604eb70716d7e7b6bc6e8399cc4d9f5c 2007.1/i586/apache-mod_userdir-2.2.4-6.2mdv2007.1.i586.rpm\n 750d7cb431356abc88fe7a031f872b04 2007.1/i586/apache-modules-2.2.4-6.2mdv2007.1.i586.rpm\n 210be718db221db891452f05a001ee4e 2007.1/i586/apache-mpm-event-2.2.4-6.2mdv2007.1.i586.rpm\n 482e3d3af6756108c3e9a26ec2a8ac56 2007.1/i586/apache-mpm-itk-2.2.4-6.2mdv2007.1.i586.rpm\n b76ff4578c127ebd248b21a85a31140a 2007.1/i586/apache-mpm-prefork-2.2.4-6.2mdv2007.1.i586.rpm\n 2484dee8a4d4e7604a69abcd1b443954 2007.1/i586/apache-mpm-worker-2.2.4-6.2mdv2007.1.i586.rpm\n 9823f9b97e1829df97999494c3a3d453 2007.1/i586/apache-source-2.2.4-6.2mdv2007.1.i586.rpm \n ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 4d043339268bff11fa07897ee3dc2988 2007.1/x86_64/apache-base-2.2.4-6.2mdv2007.1.x86_64.rpm\n afbae73f408fa95c9e4d25e3aa39583d 2007.1/x86_64/apache-devel-2.2.4-6.2mdv2007.1.x86_64.rpm\n d92c22ff28fcd919b3a8525f753066c3 2007.1/x86_64/apache-htcacheclean-2.2.4-6.2mdv2007.1.x86_64.rpm\n abe81d2effd6f4975accbdc8d25d089e 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm\n 480d5c31af3289f26953a691f92e2a51 2007.1/x86_64/apache-mod_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 3feae93ade4038e67fcbaa691f2a74aa 2007.1/x86_64/apache-mod_dav-2.2.4-6.2mdv2007.1.x86_64.rpm\n b60eead7fe808fbc5eff6cb34f1de80b 
2007.1/x86_64/apache-mod_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm\n 023afee3221da629fd8e1d34006b7463 2007.1/x86_64/apache-mod_deflate-2.2.4-6.2mdv2007.1.x86_64.rpm\n 1180446c8cf65c196352006d6da00e17 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 0e8c2dfc0e42c23b0afbada9f8868bb6 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 32aa45f45b8893d6c23c6892b7ad7e62 2007.1/x86_64/apache-mod_ldap-2.2.4-6.2mdv2007.1.x86_64.rpm\n 15c20ffb5fdc8ab2a6fa92157c9f0536 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n f91fd6552f480eb36d030bb2e91d30b4 2007.1/x86_64/apache-mod_proxy-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2c9d1e35af7adebaeb6284bf5da4dd5f 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.x86_64.rpm\n caa59aaba47c89d20e799a3f02271afd 2007.1/x86_64/apache-mod_ssl-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8ac44f8c409ea29492a3acdc1eb44c7f 2007.1/x86_64/apache-mod_userdir-2.2.4-6.2mdv2007.1.x86_64.rpm\n 0f2198ec988390ff3b7843a1e7090517 2007.1/x86_64/apache-modules-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2548664fde736f25acf59f46c847d1ff 2007.1/x86_64/apache-mpm-event-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2434c402bae11969ddf5281f2f042d24 2007.1/x86_64/apache-mpm-itk-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8a06ecd19726db033496a042c6a6be2f 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.2mdv2007.1.x86_64.rpm\n e8d339c397409391f3fb36f704c38c6c 2007.1/x86_64/apache-mpm-worker-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8a6f923428242f7aa1b4d489739e241b 2007.1/x86_64/apache-source-2.2.4-6.2mdv2007.1.x86_64.rpm \n ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm\n\n Corporate 4.0:\n 74beb8d1579ce5d5f12c8b15981b6e63 corporate/4.0/i586/apache-base-2.2.3-1.1.20060mlcs4.i586.rpm\n 326a8259b0d99bc2938bfa6cd85743e7 corporate/4.0/i586/apache-devel-2.2.3-1.1.20060mlcs4.i586.rpm\n ca305d0928255a65814af781b345a056 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.1.20060mlcs4.i586.rpm\n 48c2b6a5ee11c3f011b1f6dc60a86479 
corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.i586.rpm\n b81a3077cb88a34af43a61ad6f2559ea corporate/4.0/i586/apache-mod_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n ba5aee0b2a86182560e54f0cf4d360bd corporate/4.0/i586/apache-mod_dav-2.2.3-1.1.20060mlcs4.i586.rpm\n b696352106c5a0d1697385523455c767 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.1.20060mlcs4.i586.rpm\n e79f271f000dd7f3a009cca70fd7e4a2 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.1.20060mlcs4.i586.rpm\n c7bdb987f61099b64e751639ca02dd8a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n b0303fcc2f43bdcf25419dde56df2297 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n f818ff0f890abe230c92069f9d256e5c corporate/4.0/i586/apache-mod_ldap-2.2.3-1.1.20060mlcs4.i586.rpm\n 4247be23e42c368b3880c7ab5ac13c89 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n e50f1749935c96d3364bdce9af5d22bf corporate/4.0/i586/apache-mod_proxy-2.2.3-1.1.20060mlcs4.i586.rpm\n a619b4e0130d1db7f77a790fee0917a6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.i586.rpm\n 8170e0e77256f08d07b02119400a19f9 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.1.20060mlcs4.i586.rpm\n 4a5d94d4f94295efe48266a1d529486e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.1.20060mlcs4.i586.rpm\n 7c0c27197d6b44115366eac339c424f2 corporate/4.0/i586/apache-modules-2.2.3-1.1.20060mlcs4.i586.rpm\n 56351aafc723fdea2f2fac22d5046944 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.i586.rpm\n ccbb2f27b762b5dd564dc7a00aac6db0 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.1.20060mlcs4.i586.rpm\n a65137ff29ed6a1da1f894d19997faec corporate/4.0/i586/apache-source-2.2.3-1.1.20060mlcs4.i586.rpm \n 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 7a9b4f5b3fcf2cac67e4c38022ee2441 corporate/4.0/x86_64/apache-base-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 5604ba341d957fbe6182bd2eb29a8e9d 
corporate/4.0/x86_64/apache-devel-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 8983bda4bbe3b58f9c6c317531eb52b7 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 9baf252cbc8ef8a093ed25e7a0daf25d corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 26cc58bcbfd25a83c15051c8f590a36d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 941a32aea1b1b3bca1ae343d5d925892 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 1d79a7b921ce150de88e22ffbaba4b31 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm\n d80b9ffca3dd024e73d069e55ba7fa3e corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 7a7a11645680a7bee9cf88b166b0d32f corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n fcc85c0f9faf1fa08a01f3d4ecb68033 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 55789d16ff565bcd31dfa522435d4d4b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 7ee708824d65878b71ede35e139ac94d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n e8579835f848cade641da14354196497 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 6a1e70a638aecf603f3bc2485d14bd78 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 212f40574d0821b909972ebc36fb697a corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 32a8dd886e42c8093be05c9ee4d31855 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 265bccd86baa7fca942f1c6d4d694523 corporate/4.0/x86_64/apache-modules-2.2.3-1.1.20060mlcs4.x86_64.rpm\n babdb585a6c754f23d91c41fc844a5e2 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 63274f5c5dc3897d0062f621b1c63e0e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 18782a1fcbcb760d36162ce830ac4cdd corporate/4.0/x86_64/apache-source-2.2.3-1.1.20060mlcs4.x86_64.rpm \n 
8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS\nRe00IyLecNs4MIGgsrv2qJE=\n=5EEm\n-----END PGP SIGNATURE-----\n\n. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.2.6 *\u003e= 2.0.59-r5\n \u003e= 2.2.6\n\nDescription\n===========\n\nMultiple cross-site scripting vulnerabilities have been discovered in\nmod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error\nhas been discovered in the recall_headers() function in mod_mem_cache\n(CVE-2007-1862). The mod_cache module does not properly sanitize\nrequests before processing them (CVE-2007-1863). The Prefork module\ndoes not properly check PID values before sending signals\n(CVE-2007-3304). The mod_proxy module does not correctly check headers\nbefore processing them (CVE-2007-3847). 
\n\nImpact\n======\n\nA remote attacker could exploit one of these vulnerabilities to inject\narbitrary script or HTML content, obtain sensitive information or cause\na Denial of Service. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.0.59-r5\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n [ 2 ] CVE-2007-1862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862\n [ 3 ] CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n [ 4 ] CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n [ 5 ] CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n [ 6 ] CVE-2007-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200711-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01182588\nVersion: 1\n\nHPSBUX02273 SSRT071476 rev. 
1 - HP-UX running Apache, Remote Unauthorized Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-10\nLast Updated: 2007-10-10\n\nPotential Security Impact: Remote Unauthorized Denial of Service (DoS) \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX Apache version 2.0.59. The vulnerability could be exploited remotely to create a Denial of Service (DoS). \n\nReferences: CVE-2007-3847, CVE-2007-3304\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache 2.0.59.00\n\nBACKGROUND\n\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended action has been taken. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision B.2.0.59.00.0 or subsequent \nrestart Apache \nURL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \nhpuxwsAPACHE,revision=B.2.0.59.00 \n\naction: install revision B.2.0.59.00.0 or subsequent \nrestart Apache \nURL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com \n\nEND AFFECTED VERSIONS 
\n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \n\nOS Release \n Depot name \n MD5 Sum \n \nB.11.11 (IPv4)\n HPUXWSA-B218-01-1111ipv4.depot\n eb3bb933baac0f05e1e0809ef1e84eb2\n \nB.11.11 (IPv6) \n HPUXWSA-B218-01-1111ipv6.depot\n 540a56b155699336bcbfac0eaf87e3ce\n \nB.11.23 PA-32\n HPUXWSA-B218-01-1123-32.depot\n 2900a0cbea01b6905dc768680fbd5381\n \nB.11.23 IA-64\n HPUXWSA-B218-01-1123-64.depot\n 3be084d96e8a509692e37c71c0184014\n \nB.11.31 PA-32\n HPUXWSA-B218-01-1131-32.depot\n 861122eef70f1b53d68c5adafc64cdb5\n \nB.11.31 IA-64\n HPUXWSA-B218-01-1131-64.depot\n 8dc57222257fe27fb5994da16e91f9a4\n \n\nThe updates are available from: \nftp://ssrt1476:ssrt1476@hprc.external.hp.com/ \nftp://ssrt1476:ssrt1476@192.170.19.100/ \n\nMANUAL ACTIONS: Yes - Update \nInstall Apache 2.0.59.00.0 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 10 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. 
\nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n -verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS \nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\n\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. 
HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\u00a9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRw4UMuAfOvwtKn1ZEQLDowCgnVZZuBkuV66atvv6mh6sxARqYYkAmQEy\n7CP41v96ckMOtfU4yeG76pv2\n=VMzd\n-----END PGP SIGNATURE-----\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0010\nSynopsis: VMware Hosted products update libpng and Apache HTTP\n Server\nIssue date: 2009-08-20\nUpdated on: 2009-08-20 (initial release of advisory)\nCVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863\n CVE-2006-5752 CVE-2007-3304 CVE-2007-6388\n CVE-2007-5000 CVE-2008-0005\n- ------------------------------------------------------------------------\n\n1. Summary\n\n Updated VMware Hosted products address security issues in libpng and\n the Apache HTTP Server. \n\n2. Relevant releases\n\n VMware Workstation 6.5.2 and earlier,\n VMware Player 2.5.2 and earlier,\n VMware ACE 2.5.2 and earlier\n\n3. Problem Description\n\n a. Third Party Library libpng Updated to 1.2.35\n\n Several flaws were discovered in the way third party library libpng\n handled uninitialized pointers. An attacker could create a PNG image\n file in such a way, that when loaded by an application linked to\n libpng, it could cause the application to crash or execute arbitrary\n code at the privilege level of the user that runs the application. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0040 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any 6.5.3 build 185404 or later\n\n Player 2.5.x any 2.5.3 build 185404 or later\n\n ACE 2.5.x any 2.5.3 build 185404 or later\n\n Server 2.x any patch pending\n Server 1.x any patch pending\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected *\n\n * The libpng update for the Service Console of ESX 2.5.5 is\n documented in VMSA-2009-0007. \n\n b. Apache HTTP Server updated to 2.0.63\n\n The new version of ACE updates the Apache HTTP Server on Windows\n hosts to version 2.0.63 which addresses multiple security issues\n that existed in the previous versions of this server. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,\n CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the\n issues that have been addressed by this update. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any not affected\n\n Player 2.5.x any not affected\n\n ACE 2.5.x Windows 2.5.3 build 185404 or later\n ACE 2.5.x Linux update Apache on host system *\n\n Server 2.x any not affected\n Server 1.x any not affected\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n * The Apache HTTP Server is not part of an ACE install on a Linux\n host. Update the Apache HTTP Server on the host system to version\n 2.0.63 in order to remediate the vulnerabilities listed above. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. 
\n\n VMware Workstation 6.5.3\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html\n\n For Windows\n\n Workstation for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 7565d16b7d7e0173b90c3b76ca4656bc\n sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1\n\n For Linux\n\n Workstation for Linux 32-bit\n Linux 32-bit .rpm\n md5sum: 4d55c491bd008ded0ea19f373d1d1fd4\n sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e\n\n Workstation for Linux 32-bit\n Linux 32-bit .bundle\n md5sum: d4a721c1918c0e8a87c6fa4bad49ad35\n sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5\n\n Workstation for Linux 64-bit\n Linux 64-bit .rpm\n md5sum: 72adfdb03de4959f044fcb983412ae7c\n sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb\n\n Workstation for Linux 64-bit\n Linux 64-bit .bundle\n md5sum: 83e1f0c94d6974286256c4d3b559e854\n sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542\n\n\n VMware Player 2.5.3\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n http://www.vmware.com/support/player25/doc/releasenotes_player253.html\n\n Player for Windows binary\n\nhttp://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe\n md5sum: fe28f193374c9457752ee16cd6cad4e7\n sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04\n\n Player for Linux (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm\n md5sum: c99cd65f19fdfc7651bcb7f328b73bc2\n sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e\n\n Player for Linux (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle\n md5sum: 210f4cb5615bd3b2171bc054b9b2bac5\n sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b\n\n Player for Linux - 64-bit (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm\n md5sum: f91576ef90b322d83225117ae9335968\n sha1sum: 
f492fa9cf26ee2818f164aac04cde1680c25d974\n\n Player for Linux - 64-bit (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle\n md5sum: 595d44d7945c129b1aeb679d2f001b05\n sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4\n\n\n VMware ACE 2.5.3\n ----------------\n http://www.vmware.com/download/ace/\n Release notes:\n http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html\n\n ACE Management Server Virtual Appliance\n AMS Virtual Appliance .zip\n md5sum: 44cc7b86353047f02cf6ea0653e38418\n sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1\n\n VMware ACE for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for Windows\n Windows .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for SUSE Enterprise Linux 9\n SLES 9 .rpm\n md5sum: a4fc92d7197f0d569361cdf4b8cca642\n sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75\n\n ACE Management Server for Red Hat Enterprise Linux 4\n RHEL 4 .rpm\n md5sum: 841005151338c8b954f08d035815fd58\n sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e\n\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n\n- ------------------------------------------------------------------------\n6. 
Change log\n\n2009-08-20 VMSA-2009-0010\nInitial security advisory after release of Workstation 6.5.3,\nPlayer 2.5.3, and ACE 2.5.3 on 2009-08-20. \n\n\n- ------------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. =========================================================== \nUbuntu Security Notice USN-499-1 August 16, 2007\napache2 vulnerabilities\nCVE-2006-5752, CVE-2007-1863, CVE-2007-3304\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. 
\n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.2\n apache2-mpm-prefork 2.0.55-4ubuntu2.2\n apache2-mpm-worker 2.0.55-4ubuntu2.2\n\nUbuntu 6.10:\n apache2-common 2.0.55-4ubuntu4.1\n apache2-mpm-prefork 2.0.55-4ubuntu4.1\n apache2-mpm-worker 2.0.55-4ubuntu4.1\n\nUbuntu 7.04:\n apache2-mpm-prefork 2.2.3-3.2ubuntu0.1\n apache2-mpm-worker 2.2.3-3.2ubuntu0.1\n apache2.2-common 2.2.3-3.2ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nStefan Esser discovered that mod_status did not force a character set,\nwhich could result in browsers becoming vulnerable to XSS attacks when\nprocessing the output. If a user were tricked into viewing server\nstatus output during a crafted server request, a remote attacker could\nexploit this to modify the contents, or steal confidential data (such as\npasswords), within the same domain. By default, mod_status is disabled\nin Ubuntu. (CVE-2006-5752)\n\nNiklas Edmundsson discovered that the mod_cache module could be made to\ncrash using a specially crafted request. A remote user could use this\nto cause a denial of service if Apache was configured to use a threaded\nworker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863)\n\nA flaw was discovered in the signal handling of Apache. A local\nattacker could trick Apache into sending SIGUSR1 to other processes. \nThe vulnerable code was only present in Ubuntu Feisty. 
(CVE-2007-3304)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz\n Size/MD5: 115882 e94e45574e3b131d3a9a0e07e193f1e5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc\n Size/MD5: 1148 c2bc143625fbf8ca59fea300845c5a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb\n Size/MD5: 2124364 9b8ca5d5757c63f5ee6bbd507f0a8357\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 833000 be4c7770c725f5f4401ca06d1347211f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 227832 41c12dfe84f109e6544a33e4e1d791a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 222934 7e4d072bad27239e366a6eda94c09190\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 227576 8fc59f78a3fa0e5d6dac81e875039bda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 171082 4318f93373b705563251f377ed398614\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 171860 257f4183d70be5a00546c39c5a18f108\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 93916 695cee55f91ceb9424abe31d8b6ee1dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 35902 00c1082a77ff1d863f72874c4472a26d\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 285336 0a8510634b21f56f0d9619aa6fc9cec9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 143952 d75f83ac219bce95a15a8f44b82b8ea7\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 786186 4e78fa0d438867194f66b11b4eb6fc2e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 202448 74cf60884e18c1fc93f157010a15b12c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 198456 209a0b92995fec453ed4c2c181e3e555\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 202038 6cbd437caf993fa2b2b38369cd3d5863\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 171074 0a5a26aa58af7aa2d51d1cf5d7c543d6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 171848 af9ca78febc5bc0c7936296dab958349\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 91884 2857d60b507b28c736f83815c9f3d1b8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 35906 202b5b233af0d26e29ca7302cf7fd04c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 261418 c90342706ac26682d15032a5ba5cb51a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 131850 951a4573901bc2f10d5febf940d57516\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 859126 afdd8642ca447fc9dc70dfed92be0fa6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 219898 6d9c9f924d2356bf9d3438a280870a7d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 215602 dd554132cdea0f860e01cf5d4e0dbc7c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 219378 7a1f4b325dacef287c901fa66680c04e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 171096 a0e2547d38ef1b84dc419d69e42ffa0b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 171864 200ab662b2c13786658486df37fda881\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 103628 ae36642fbd4698bb362fa4bf9417b0e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 35910 358027282f2f19451d3aa784dc0474dc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 280950 0d9b56ec076da25e2a03f6d3c6445057\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 141074 f5d3d5e0e5911e0c0156ae55af50f87b\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 803440 d66da6a91c08956c3c5062668349ef41\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 209970 57f0a8f823a4502ee9a2608e3181cc81\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb\n 
Size/MD5: 205582 1dcfb0df796e85c409f614544ea589fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 209330 6bf7ae824eea35d3487febef384fce91\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 171080 1088337f4abcb6c8f65751b6120c2307\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 171868 5cda04cd73a9c6d8dfc18abd55c09ebd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 92972 850ab3bb0904e8fe9b6255c42ba7f84c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 35904 7af260b95c4faa17ef34810fed888caf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 267550 08182a8a2cab00fc0e6bca2cccf5165f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 129760 a60606c6d2f12209b0bdae997be4a13f\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz\n Size/MD5: 116265 2732761b18dfb3c2cd1aa0b54c2cf623\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc\n Size/MD5: 1148 4b9c4612469c521db0c5fdbe2f6b9b25\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb\n Size/MD5: 2124550 8d5c30342b35f9fd595fb09d7659b6fc\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 836342 2c4ba483b0b20fdc2d43819109177941\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 227390 e61cc1998f5b8f2c44dce587e59d288a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 222376 6bdbff7f7f80fd464d1e3ec52d6e7171\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 226848 4356b4caf2b40f364c8893c41b9f9355\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 171304 c4395af051e876228541ef5b8037d979\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 172074 99dadc4ad0f0947f9368d89f4589d95a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 94204 30f3bb8c72575fe93940ecc730b8e4b6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 36152 ea3cbefcbee7e2f6e5555edb44733ad9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 286544 d555931490d44d93bec31c4bfc19ed12\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 145014 3e06ceb0a55598d82f9f781c44e210b3\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 806938 050bb7665332d3761e1a8e47939fa507\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 209556 ee530b24aba8838001ebb6c901bc90cd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 205718 b52a17c63909eae3c49bad0ab1958f4b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 209158 
1844fa5e09224a90944f8b886ddb5a2a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 171296 9de8aba41f7e3d60f41536ca712adebb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 172078 01ccd554177364747b08e2933f121d2c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 93240 4573597317416869646eb2ea42cd0945\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 36150 77666d65bade6a91bd58826c79f11dc9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 266390 a3963d8e76f6865404f7fadb47880c87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 137604 387f6bcdaa58dbbe53082241b3231844\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 865372 27d7f1de1fcb2114d3f3b0a774302488\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 221542 1ae8fa5cf4b77f3b2aa054e2886e587e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 217044 9134983c40107f79fcac8d1eacbc7117\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 221324 b435dc09c63ecbcd564a0923a8f07350\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 171296 6d2a0abfb7a1daaeae56559eeb322dcb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 172064 ecc2037409554ea43c5a6848aa510c76\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 104654 d0957d8df044c4a34437241792ed97d1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 36148 34e102e1d2e1c6a6f31801dfb98cb82a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 284548 c8f325ccc42cbe77191d4ddd9abc2a4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 144238 82cfbfcec5fc4931078145af8947c035\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 811594 d8548e537fd81994bbb638e105dfbf8b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 212160 81cd0197ff89b79c967c1074ede9f8d7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 207870 5d80ed8dc39b0d4d59fccb747624a684\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 211578 9407383d85db831dab728b39cce9acc8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 171294 5e4d695a99bdc1fdfb0bfcef8b91d03d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 172064 06e3e765d799e281dba7329ff9d9e138\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 93796 1048b47b289fb2047fa9ac7ebbe94a57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 36150 0d106a177aa4271b1cfc0e96eec1a748\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 268444 
3912123e7c71cc638132305ca89fe23b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 130626 f4444e0239c2da7d3c31e3486606f95a\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz\n Size/MD5: 112120 f7b1a17718aed7ca73da3a6d7aad06b0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc\n Size/MD5: 1128 e82b1bee591fff50d6673ed1a443e543\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 2199184 c03756f87cb164213428532f70e0c198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 272064 5be351f491f8d1aae9a270d1214e93e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 6674104 bdbabf8f478562f0e003737e977ffc7b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 38668 9f0c7c01e8441285c084002eb4619065\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 449624 1b54a8000c40eaaa0f9e31527b9bb180\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 445346 d15625641a3247fbf5d9d9b9aed34968\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 449208 55f39c28a4de98d53f80231aeb7d6c59\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 403570 0042c75be8a2d128d62b79398deaefa8\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 404138 929772b95ea67f338ad423a65b2b7011\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 341312 906819b0de863209575aa65d39a594a5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 971462 f85e32c5f6437ce149553aee97ffd934\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 428856 f506f2a9dd2dbd5c2d3f72a476cc3537\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 432314 a5a11947ad8cf14604efa7ddcfd20bfe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 403574 da84a3a99276f14a11ac892ce7eee170\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 404138 0fdd43a53e6957aa3a348a7bd9c876f5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 340396 88a0ddbc58335416d91c9f10adc9d5f5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 929716 138d58487b882e6002e3c5e4a9489add\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 451530 ddc437092ef642fcd396713cd1972f4c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 446960 af1b667708e062f81bca4e995355394d\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 450940 ed9f31ec5045a88446115987c6e97655\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 403574 65801ab51335a15dc370b9341a0e50dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 404146 fd35e65fadd836feb0190b209947b466\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 360518 b74bc9eead429cd8f0ebecd6a94e5edb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 1073812 376fe5b1ee383a6d870eea5dd3c6a704\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 434408 c70ef2e9aed191fe53886ceb3725596e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 430574 7b690896da23a151ee5e106d596c1143\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 433918 cc01edfcfc673ba9a86c83fcc66e6870\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 403568 a7660cff70394403c764cf8f30c7298a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 404136 b8587d5eba0be59a6576d6cf645b2122\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 343370 1572a001a612add57d23350210ac1736\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 938586 b74a91fcfbb0503355e94981310bd1ce\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-3304" }, { "db": "JVNDB", 
"id": "JVNDB-2007-000477" }, { "db": "BID", "id": "24215" }, { "db": "VULMON", "id": "CVE-2007-3304" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "60039" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "57507" }, { "db": "PACKETSTORM", "id": "58667" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-3304", "trust": 3.4 }, { "db": "BID", "id": "24215", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2007-3100", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3283", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-2727", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-4305", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0233", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3494", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3420", "trust": 1.7 }, { "db": "SECUNIA", "id": "26211", "trust": 1.7 }, { "db": "SECUNIA", "id": "27732", "trust": 1.7 }, { "db": "SECUNIA", "id": "25920", "trust": 1.7 }, { "db": "SECUNIA", "id": "26759", "trust": 1.7 }, { "db": "SECUNIA", "id": "26993", "trust": 1.7 }, { "db": "SECUNIA", "id": "28212", "trust": 1.7 }, { "db": "SECUNIA", "id": "28606", "trust": 1.7 }, { "db": "SECUNIA", "id": "28224", "trust": 1.7 }, { "db": "SECUNIA", "id": "26790", "trust": 1.7 }, { "db": "SECUNIA", "id": "26842", "trust": 1.7 }, { "db": "SECUNIA", "id": "27563", "trust": 1.7 }, { "db": "SECUNIA", "id": "27209", "trust": 1.7 }, { "db": "SECUNIA", "id": "27121", "trust": 1.7 }, { "db": "SECUNIA", "id": "26508", "trust": 1.7 }, { "db": "SECUNIA", "id": "26443", "trust": 1.7 }, { "db": "SECUNIA", "id": "26822", "trust": 1.7 }, { "db": "SECUNIA", "id": "26611", "trust": 1.7 }, { "db": "SECUNIA", "id": "26273", "trust": 1.7 }, { 
"db": "SECUNIA", "id": "25827", "trust": 1.7 }, { "db": "SECUNIA", "id": "25830", "trust": 1.7 }, { "db": "SREASON", "id": "2814", "trust": 1.7 }, { "db": "OSVDB", "id": "38939", "trust": 1.7 }, { "db": "SECTRACK", "id": "1018304", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2007-000477", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200706-316", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2007-3304", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "57505", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "60759", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "60039", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80533", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "57507", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "58667", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-3304" }, { "db": "BID", "id": "24215" }, { "db": "JVNDB", "id": "JVNDB-2007-000477" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "60039" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "57507" }, { "db": "PACKETSTORM", "id": "58667" }, { "db": "CNNVD", "id": "CNNVD-200706-316" }, { "db": "NVD", "id": "CVE-2007-3304" } ] }, "id": "VAR-200705-0681", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-29T21:27:08.901000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 1.3.39-dev", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_13.html#1.3.39-dev" }, { "title": "Fixed in Apache httpd 2.0.61-dev", "trust": 0.8, 
"url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.61-dev" }, { "title": "Fixed in Apache httpd 2.2.6-dev", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.6-dev" }, { "title": "Revision 551843", "trust": 0.8, "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?view=markup" }, { "title": "HPSBUX02273", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01182588" }, { "title": "HPSBUX02273", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02273.html" }, { "title": "PK50467", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK50467" }, { "title": "PK55141", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55141" }, { "title": "4017303", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017303" }, { "title": "Fix Pack 13 (6.1.0.13)", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951#61013" }, { "title": "4017141", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017141" }, { "title": "httpd (V3.0/V4.0)", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1093" }, { "title": "RHSA-2007:0532", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0532.html" }, { "title": "RHSA-2007:0556", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0556.html" }, { "title": "RHSA-2007:0662", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0662.html" }, { "title": "103179", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1" }, { "title": "readme_iwss11_sol_patch7_b1182", "trust": 0.8, "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt" }, { "title": "RHSA-2007:0532", "trust": 0.8, "url": 
"http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0532J.html" }, { "title": "RHSA-2007:0556", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0556J.html" }, { "title": "RHSA-2007:0662", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0662J.html" }, { "title": "interstage_as_200802", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200802.html" }, { "title": "Apache HTTP Server Worker Repair measures for multiple local denial of service vulnerabilities in the process", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=145950" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-499-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2007-3304 " }, { "title": "", "trust": 0.1, "url": "https://github.com/kasem545/vulnsearch " } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-3304" }, { "db": "JVNDB", "id": "JVNDB-2007-000477" }, { "db": "CNNVD", "id": "CNNVD-200706-316" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-DesignError", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000477" }, { "db": "NVD", "id": "CVE-2007-3304" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.securityfocus.com/bid/24215" }, { "trust": 2.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2007-353.htm" }, { "trust": 2.0, "url": 
"http://support.avaya.com/elmodocs2/security/asa-2007-363.htm" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk52702" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk53984" }, { "trust": 2.0, "url": "http://rhn.redhat.com/errata/rhsa-2007-0556.html" }, { "trust": 2.0, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html" }, { "trust": 2.0, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "trust": 1.7, "url": "http://security.psnc.pl/files/apache_report.pdf" }, { "trust": 1.7, "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111" }, { "trust": 1.7, "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=547987" }, { "trust": 1.7, "url": "https://issues.rpath.com/browse/rpl-1710" }, { "trust": 1.7, "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "trust": 1.7, "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pk50467\u0026apar=only" }, { "trust": 1.7, "url": "http://www.redhat.com/archives/fedora-package-announce/2007-september/msg00320.html" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:140" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:142" }, { "trust": 1.7, "url": "http://www.redhat.com/errata/rhsa-2007-0532.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2007-0557.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2007-0662.html" }, { "trust": 1.7, "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "trust": 1.7, "url": "http://www.trustix.org/errata/2007/0026/" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-499-1" }, { "trust": 1.7, "url": 
"http://www.securitytracker.com/id?1018304" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25827" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25830" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25920" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26211" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26273" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26443" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26508" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26611" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26759" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26790" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26822" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26842" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26993" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27121" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27209" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27563" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27732" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/2814" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28212" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28224" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28606" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html" }, { "trust": 1.7, "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0233" }, { "trust": 1.7, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01182588" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3494" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3100" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3420" 
}, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/4305" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3283" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/2727" }, { "trust": 1.7, "url": "http://osvdb.org/38939" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35095" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11589" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/471832/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/469899/100/0/threaded" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 1.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304" }, { "trust": 1.1, "url": "http://marc.info/?l=apache-httpd-dev\u0026m=118252946632447\u0026w=2" }, { "trust": 1.1, "url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-p.asc" }, { "trust": 1.0, "url": "http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.ga15192%40redhat.com%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3304" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_13.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3ccvs." }, { "trust": 0.6, "url": "httpd-dev/200706.mbox/%3c20070629141032.ga15192@redhat.com%3e" }, { "trust": 0.6, "url": "http://mail-archives.apache.org/mod_mbox/" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs." }, { "trust": 0.6, "url": "httpd-dev\u0026m=118252946632447\u0026w=2" }, { "trust": 0.6, "url": "http://marc.info/?l=apache-" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-012.htm" }, { "trust": 0.3, "url": "http://www.apache.org/dist/httpd/changes_2.2.6" }, { "trust": 0.3, "url": "/archive/1/482486" }, { "trust": 0.3, "url": "/archive/1/469899" }, { "trust": 0.3, "url": "/archive/1/479708" }, { "trust": 0.3, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk50467" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2007-0532.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2007-0662.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0263.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0523.html" }, { "trust": 0.3, 
"url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.ga15192@redhat.com%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e" }, { 
"trust": 0.1, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2007-3304" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/499-1/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1862" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://enigmail.mozdev.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1862" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/player25/doc/releasenotes_player253.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ace/" }, { "trust": 0.1, "url": "http://www.vmware.com/download/player/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388" }, { "trust": 0.1, 
"url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ws/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.exe" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.bundle" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.bundle" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0040" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb" }, { 
"trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 
0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 
0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb" } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-3304" }, { "db": "BID", "id": "24215" }, { "db": "JVNDB", "id": "JVNDB-2007-000477" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "60039" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "57507" }, { "db": "PACKETSTORM", "id": "58667" }, { "db": "CNNVD", "id": "CNNVD-200706-316" }, { "db": "NVD", "id": "CVE-2007-3304" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2007-3304" }, { "db": "BID", "id": "24215" }, { "db": "JVNDB", "id": "JVNDB-2007-000477" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "60039" }, { "db": "PACKETSTORM", "id": "80533" }, { 
"db": "PACKETSTORM", "id": "57507" }, { "db": "PACKETSTORM", "id": "58667" }, { "db": "CNNVD", "id": "CNNVD-200706-316" }, { "db": "NVD", "id": "CVE-2007-3304" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-06-20T00:00:00", "db": "VULMON", "id": "CVE-2007-3304" }, { "date": "2007-05-29T00:00:00", "db": "BID", "id": "24215" }, { "date": "2007-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000477" }, { "date": "2007-07-07T04:29:41", "db": "PACKETSTORM", "id": "57505" }, { "date": "2007-11-07T20:27:55", "db": "PACKETSTORM", "id": "60759" }, { "date": "2007-10-12T04:41:53", "db": "PACKETSTORM", "id": "60039" }, { "date": "2009-08-23T16:31:17", "db": "PACKETSTORM", "id": "80533" }, { "date": "2007-07-07T04:32:02", "db": "PACKETSTORM", "id": "57507" }, { "date": "2007-08-17T06:30:14", "db": "PACKETSTORM", "id": "58667" }, { "date": "2007-05-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200706-316" }, { "date": "2007-06-20T22:30:00", "db": "NVD", "id": "CVE-2007-3304" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-21T00:00:00", "db": "VULMON", "id": "CVE-2007-3304" }, { "date": "2010-08-05T21:15:00", "db": "BID", "id": "24215" }, { "date": "2009-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000477" }, { "date": "2022-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-200706-316" }, { "date": "2024-11-21T00:32:54.327000", "db": "NVD", "id": "CVE-2007-3304" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "57507" }, { "db": "CNNVD", "id": "CNNVD-200706-316" } ], "trust": 0.8 }, 
"title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of Prefork MPM Service disruption in modules (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000477" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200706-316" } ], "trust": 0.6 } }
var-200808-0011
Vulnerability from variot
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. The following versions are affected: Tomcat 4.1.0 through 4.1.37 Tomcat 5.5.0 through 5.5.26 Tomcat 6.0.0 through 6.0.16 Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2008-2370: Apache Tomcat information disclosure vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Tomcat 4.1.0 to 4.1.37; Tomcat 5.5.0 to 5.5.26; Tomcat 6.0.0 to 6.0.16. The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may also be affected.
Description: When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it under the WEB-INF directory.
Mitigation:
6.0.x users should upgrade to 6.0.18.
5.5.x users should obtain the latest source from svn or apply this patch, which will be included from 5.5.27: http://svn.apache.org/viewvc?rev=680949&view=rev
4.1.x users should obtain the latest source from svn or apply this patch, which will be included from 4.1.38: http://svn.apache.org/viewvc?rev=680950&view=rev
Example: For a page that contains: <% pageContext.forward("/page2.jsp?somepar=someval&par="+request.getParameter("blah")); %> an attacker can use: http://host/page.jsp?blah=/../WEB-INF/web.xml
Credit: This issue was discovered by Stefano Di Paola of Minded Security Research Labs. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939 Version: 1
HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02 Last Updated: 2009-02-02
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servlet Engine are contained in the Apache Web Server Suite.
References: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servlet Engine v5.5.27.01.01 or earlier. HP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference      Base Vector                    Base Score
CVE-2007-6420  (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2008-1232  (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2008-1947  (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2008-2364  (AV:N/AC:M/Au:N/C:N/I:P/A:N)   5.0
CVE-2008-2370  (AV:N/AC:M/Au:N/C:N/I:P/A:N)   5.0
CVE-2008-2938  (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2008-2939  (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2008-3658  (AV:N/AC:M/Au:N/C:N/I:P/A:N)   7.5
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL: http://software.hp.com
Note: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 and HP-UX Tomcat-based Servlet Engine 5.5.27.01.01
HP-UX Release - B.11.23 and B.11.31 PA-32 Apache Depot name - HPUXWSATW-B302-32.depot
HP-UX Release - B.11.23 and B.11.31 IA-64 Apache Depot name - HPUXWSATW-B302-64.depot
HP-UX Release - B.11.11 PA-32 Apache Depot name - HPUXWSATW-B222-1111.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server or Tomcat-based Servlet Engine from the Apache Web Server Suite v3.02 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT hpuxwsWEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 February 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
© Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0016 Synopsis: VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components Issue date: 2009-11-20 Updated on: 2009-11-20 (initial release of advisory) CVE numbers: --- JRE --- CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 CVE-2009-2676 CVE-2009-2716 CVE-2009-2718 CVE-2009-2719 CVE-2009-2720 CVE-2009-2721 CVE-2009-2722 CVE-2009-2723 CVE-2009-2724 --- Tomcat --- CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 --- ntp --- CVE-2009-1252 CVE-2009-0159 --- kernel --- CVE-2008-3528 CVE-2008-5700 CVE-2009-0028 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0778 CVE-2008-4307 CVE-2009-0834 CVE-2009-1337 CVE-2009-0787 CVE-2009-1336 CVE-2009-1439 CVE-2009-1633 CVE-2009-1072 CVE-2009-1630 CVE-2009-1192 CVE-2007-5966 CVE-2009-1385 CVE-2009-1388 CVE-2009-1389 CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 CVE-2009-2692 CVE-2009-2698 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748 CVE-2009-2847 CVE-2009-2848 --- python --- CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 --- bind --- CVE-2009-0696 --- libxml and libxml2 --- CVE-2009-2414 CVE-2009-2416 --- curl -- CVE-2009-2417 --- gnutil --- CVE-2007-2052
- Summary
Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind, libxml, libxml2, curl and gnutil packages. ntp is also updated for ESXi userworlds.
- Relevant releases
vCenter Server 4.0 before Update 1
ESXi 4.0 without patch ESXi400-200911201-UG
ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG, ESX400-200911232-SG, ESX400-200911233-SG, ESX400-200911234-SG, ESX400-200911235-SG, ESX400-200911237-SG, ESX400-200911238-SG
vMA 4.0 before patch 02
- Problem Description
a. JRE Security Update
JRE update to version 1.5.0_20, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,
CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,
CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.0       Windows  Update 1
VirtualCenter  2.5       Windows  affected, patch pending
VirtualCenter  2.0.2     Windows  affected, patch pending
Workstation    any       any      not affected
Player         any       any      not affected
Server         2.0       any      affected, patch pending
Server         1.0       any      not affected
ACE            any       any      not affected
Fusion         any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.0       ESX      ESX400-200911223-UG
ESX            3.5       ESX      affected, patch pending
ESX            3.0.3     ESX      affected, patch pending
ESX            2.5.5     ESX      not affected
vMA            4.0       RHEL5    Patch 2 *

* vMA JRE is updated to version JRE 1.5.0_21
Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed version of JRE depends on your patch deployment history.
b. Update Apache Tomcat version to 6.0.20
Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 which addresses multiple security issues that existed in the previous version of Apache Tomcat.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002.
The following table lists what action remediates the vulnerability (column 4) if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
========       ========  =======   =======================
vCenter        4.0       Windows   Update 1
VirtualCenter  2.5       Windows   affected, patch pending
VirtualCenter  2.0.2     Windows   affected, patch pending
Workstation    any       any       not affected
Player         any       any       not affected
ACE            any       Windows   not affected
Server         2.x       any       affected, patch pending
Server         1.x       any       not affected
Fusion         any       Mac OS/X  not affected
ESXi           any       ESXi      not affected
ESX            4.0       ESX       ESX400-200911223-UG
ESX            3.5       ESX       affected, patch pending
ESX            3.0.3     ESX       affected, patch pending
ESX            2.5.5     ESX       not affected
vMA            4.0       RHEL5     not affected
Notes: These vulnerabilities can be exploited remotely only if the
attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
The currently installed version of Tomcat depends on
your patch deployment history.
c. Third party library update for ntp.
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0.
The following table lists what action remediates the vulnerability in this component (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.0 ESXi ESXi400-200911201-UG
ESXi 3.5 ESXi affected, patch pending
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. Service Console update for ntp
Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
The Service Console present in ESX is affected by the following security issues.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
NTP authentication is not enabled by default on the Service Console.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue.
The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911238-SG
ESX 3.5 ESX affected, patch pending **
ESX 3.0.3 ESX affected, patch pending **
ESX 2.5.5 ESX affected, patch pending **
vMA 4.0 RHEL5 Patch 2
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not affected by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5.
e. Updated Service Console package kernel
Updated Service Console package kernel addresses the security
issues below.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,
CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,
CVE-2009-0778 to the security issues fixed in kernel
2.6.18-128.1.6.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,
CVE-2009-0787, CVE-2009-1336 to the security issues fixed in
kernel 2.6.18-128.1.10.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,
CVE-2009-1630, CVE-2009-1192 to the security issues fixed in
kernel 2.6.18-128.1.14.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,
CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the
security issues fixed in kernel 2.6.18-128.4.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2692, CVE-2009-2698 to the
security issues fixed in kernel 2.6.18-128.7.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,
CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues
fixed in kernel 2.6.18-164.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911201-UG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 Patch 2 **
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** vMA is updated to kernel version 2.6.18-164.
f. Updated Service Console package python
Service Console package Python update to version 2.4.3-24.el5.
When the assert() system call was disabled, an input sanitization
flaw was revealed in the Python string object implementation that
led to a buffer overflow. The missing check for negative size values
meant the Python memory allocator could allocate less memory than
expected. This could result in arbitrary code execution with the
Python interpreter's privileges.
Multiple buffer and integer overflow flaws were found in the Python
Unicode string processing and in the Python Unicode and string
object implementations. An attacker could use these flaws to cause
a denial of service.
Multiple integer overflow flaws were found in the Python imageop
module. If a Python application used the imageop module to
process untrusted images, it could cause the application to
disclose sensitive information, crash or, potentially, execute
arbitrary code with the Python interpreter's privileges.
Multiple integer underflow and overflow flaws were found in the
Python snprintf() wrapper implementation. An attacker could use
these flaws to cause a denial of service (memory corruption).
Multiple integer overflow flaws were found in various Python
modules. An attacker could use these flaws to cause a denial of
service.
An integer signedness error, leading to a buffer overflow, was
found in the Python zlib extension module. If a Python application
requested the negative byte count be flushed for a decompression
stream, it could cause the application to crash or, potentially,
execute arbitrary code with the Python interpreter's privileges.
A flaw was discovered in the strxfrm() function of the Python
locale module. Strings generated by this function were not properly
NULL-terminated, which could possibly cause disclosure of data
stored in the memory of a Python application using this function.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721
CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143
CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911235-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
g. Updated Service Console package bind
Service Console package bind updated to version 9.3.6-4.P1.el5
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server
(named); a resolver library (routines for applications to use when
interfacing with DNS); and tools for verifying that the DNS server
is operating correctly.
A flaw was found in the way BIND handles dynamic update message
packets containing the "ANY" record type. A remote attacker could
use this flaw to send a specially-crafted dynamic update packet
that could cause named to exit with an assertion failure.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0696 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911237-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
h. Updated Service Console package libxml2
Service Console package libxml2 updated to version 2.6.26-2.1.2.8.
libxml is a library for parsing and manipulating XML files. A
Document Type Definition (DTD) defines the legal syntax (and also
which elements can be used) for certain types of files, such as XML
files.
A stack overflow flaw was found in the way libxml processes the
root XML document element definition in a DTD. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
Multiple use-after-free flaws were found in the way libxml parses
the Notation and Enumeration attribute types. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2414 and CVE-2009-2416 to these
issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911234-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
i. Updated Service Console package curl
Service Console package curl updated to version 7.15.5-2.1.el5_3.5
cURL is affected by the previously published "null prefix attack",
caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker
could use the certificate during a man-in-the-middle attack and
potentially confuse cURL into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2417 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911232-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
j. Updated Service Console package gnutls
Service Console package gnutls updated to version 1.4.1-3.el5_3.5
A flaw was discovered in the way GnuTLS handles NULL characters in
certain fields of X.509 certificates. If an attacker is able to get
a carefully-crafted certificate signed by a Certificate Authority
trusted by an application using GnuTLS, the attacker could use the
certificate during a man-in-the-middle attack and potentially
confuse the application into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2730 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911233-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
- Solution
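Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. Each download listed below also carries a SHA1SUM (sha1sum) value, which can be checked in the same way.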
VMware vCenter Server 4 Update 1
Version 4.0 Update 1 Build Number 208156 Release Date 2009/11/19 Type Product Binaries http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1
VMware vCenter Server 4 and modules File size: 1.8 GB File type: .iso MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5 SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1
VMware vCenter Server 4 and modules File size: 1.5 GB File type: .zip MD5SUM: f843d9c19795eb3bc5a77f5c545468a8 SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c
VMware vSphere Client and Host Update Utility File size: 113.8 MB File type: .exe MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9 SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959
VMware vCenter Converter BootCD File size: 98.8 MB File type: .zip MD5SUM: 3df94eb0e93de76b0389132ada2a3799 SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c
VMware vCenter Converter CLI (Linux) File size: 36.9 MB File type: .tar.gz MD5SUM: 3766097563936ba5e03e87e898f6bd48 SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4
ESXi 4.0 Update 1
ESXi400-200911201-UG
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip md5sum:c6fdd6722d9e5cacb280bdcc2cca0627 sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e http://kb.vmware.com/kb/1014886
NOTE: The three ESXi patches for Firmware, VMware Tools, and the VI Client "C" are contained in a single download file.
ESX 4.0 Update 1
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip md5sum: 68934321105c34dcda4cbeeab36a2b8f sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b http://kb.vmware.com/kb/1014842
To install an individual bulletin use esxupdate with the -b option.
esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG -b ESX400-200911233-SG update
- References
CVE numbers --- JRE --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724 --- Tomcat --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002 --- ntp --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 --- kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 --- python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031 --- bind --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 --- libxml and libxml2 --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 --- curl --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 --- gnutls --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 (this link names CVE-2007-2052, which section f. lists among the Python issues; section j. assigns CVE-2009-2730 to the GnuTLS issue)
- Change log
2009-11-20 VMSA-2009-0016 Initial security advisory after release of vCenter 4.0 Update 1 and ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/lifecycle/
Copyright 2009 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+ dtoAniXz+9xLskrkPr3oUzAcDeV729WG =wSRz -----END PGP SIGNATURE----- .
Affected Products
The WiKID Strong Authentication Server - Enterprise Edition The WiKID Strong Authentication Server - Community Edition
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
Mitigation
Commercial users may download the most recent RPMs from the website: http://www.wikidsystems.com/downloads/
Users of the open source community version may download packages from Sourceforge: https://sourceforge.net/project/showfiles.php?group_id=144774
Nick Owen WiKID Systems, Inc. 404-962-8983 (desk) http://www.wikidsystems.com Two-factor authentication, without the hassle factor.
References
Tomcat release notes tomcat.apache.org/security-5.html
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232).
A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947).
A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were activated, which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
Updated Packages:
Mandriva Linux 2008.0: 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.1: 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
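All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing the command below; it requests the key by its short key ID, so check the fingerprint of the imported key against one obtained from Mandriva through a separate channel before relying on it: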
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8 j+sCdAEJN0CXvurmFcjUvNU= =+kFf -----END PGP SIGNATURE-----
TITLE: Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15895
VERIFY ADVISORY: http://secunia.com/advisories/15895/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Nucleus 3.x http://secunia.com/product/3699/
DESCRIPTION: A vulnerability has been reported in Nucleus, which can be exploited by malicious people to compromise a vulnerable system. http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0011", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": 
"6.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.19" }, { "model": "tomcat", "scope": "eq", 
"trust": 1.3, "vendor": "apache", "version": "5.5.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.37" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.36" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.34" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.32" 
}, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.31" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.30" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.29" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.28" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.3" }, { "model": "virtualcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "2.0.2" }, { "model": "virtualcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "2.5" }, { "model": "vcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.33" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.26" }, { "model": "tomcat", "scope": "eq", 
"trust": 1.0, "vendor": "apache", "version": "4.1.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.35" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.1" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "drupal", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "pear xml rpc", "version": null }, { "model": 
null, "scope": null, "trust": 0.8, "vendor": "phpxmlrpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "postnuke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "serendipity", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wordpress", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "xoops", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpmyfaq", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "4.1.0 to 4.1.37 version" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "5.5.0 to 5.5.26 version" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "6.0.0 to 6.0.16 version" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.0.3" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0" }, { "model": "server", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.x" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.5" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { 
"model": "opensolaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "(sparc)" }, { "model": "opensolaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "(x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "hp xp p9000 performance advisor software", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "5.4.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "webotx application server", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null 
}, { "model": "systems wikid server", "scope": "eq", "trust": 0.3, "vendor": "wikid", "version": "3.0.4" }, { "model": "virtualcenter 2.5.update build", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "31" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.55" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.52" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.51" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.25" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.24" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.23" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.22" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.21" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.2" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.1" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.3" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.2" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.1" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": 
"suse", "version": "10" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 99", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 96", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 95", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 92", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 91", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 90", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 89", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 87", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 85", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 84", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 83", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 82", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 81", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 
80", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 78", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 77", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 76", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 68", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 67", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 64", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 61", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 59", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 57", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 50", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 39", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 36", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 29", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 22", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 19", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 13", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 100", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u 
s e", "version": "10.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0.1" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "red hat network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)5.1" }, { "model": "jboss enterprise application platform el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform .cp03", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "developer suite as4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "application server ws4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "application server es4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "application server as4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "pardus", "version": "20080" }, { "model": "zenworks linux management", "scope": "eq", "trust": 0.3, 
"vendor": "novell", "version": "7.3" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "xp p9000 performance advisor", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.4.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": 
"fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": 
"interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "meeting exchange enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, 
"vendor": "avaya", "version": "3.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.9" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1" }, { "model": "ode", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.2" }, { "model": "ode", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.0" }, { "model": "systems wikid server", "scope": "ne", "trust": 0.3, "vendor": "wikid", "version": "3.0.5" }, { "model": "virtualcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.56" }, { "model": "vcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.01" }, { "model": "opensolaris build snv 101", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jboss enterprise application platform .cp04", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "xp p9000 performance advisor", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5.5.1" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0.18" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "5.5.27" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "4.1.38" }, { "model": "ode", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "1.3.3" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": 
"CVE-2008-2370" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:tomcat", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:opensolaris", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:xp_9000_performance_advisor_software", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001606" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "\u0026#65279;Stefano Di Paola", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-030" } ], "trust": 0.6 }, "cve": "CVE-2008-2370", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2008-2370", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-2370", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#442845", "trust": 0.8, "value": "20.75" }, { "author": "NVD", "id": "CVE-2008-2370", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200808-030", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2008-2370", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { 
"db": "NVD", "id": "CVE-2008-2370" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. \nRemote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. \nThe following versions are affected:\nTomcat 4.1.0 through 4.1.37\nTomcat 5.5.0 through 5.5.26\nTomcat 6.0.0 through 6.0.16\nTomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCVE-2008-2370: Apache Tomcat information disclosure vulnerability\n\nSeverity: Important\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nTomcat 4.1.0 to 4.1.37\nTomcat 5.5.0 to 5.5.26\nTomcat 6.0.0 to 6.0.16\nThe unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected\n\nDescription:\nWhen using a RequestDispatcher the target path was normalised before the\nquery string was removed. A request that included a specially crafted\nrequest parameter could be used to access content that would otherwise be\nprotected by a security constraint or by locating it in under the WEB-INF\ndirectory. 
\n\nMitigation:\n6.0.x users should upgrade to 6.0.18\n5.5.x users should obtain the latest source from svn or apply this patch\nwhich will be included from 5.5.27\nhttp://svn.apache.org/viewvc?rev=680949\u0026view=rev\n4.1.x users should obtain the latest source from svn or apply this patch\nwhich will be included from 4.1.38\nhttp://svn.apache.org/viewvc?rev=680950\u0026view=rev\n\nExample:\nFor a page that contains:\n\u003c%\npageContext.forward(\"/page2.jsp?somepar=someval\u0026par=\"+request.getParameter(\"blah\"));\n%\u003e\nan attacker can use:\nhttp://host/page.jsp?blah=/../WEB-INF/web.xml\n\nCredit:\nThis issue was discovered by Stefano Di Paola of Minded Security Research\nLabs. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01650939\nVersion: 1\n\nHPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-02-02\nLast Updated: 2009-02-02\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. 
\n\nReferences: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location: \nURL: http://software.hp.com \n\nNote: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 \nand HP-UX Tomcat-based Servlet Engine 5.5.27.01.01 \n\nHP-UX Release - B.11.23 and B.11.31 PA-32\nApache Depot name - HPUXWSATW-B302-32.depot\n \nHP-UX Release - B.11.23 and B.11.31 IA-64\nApache Depot name - HPUXWSATW-B302-64.depot\n \nHP-UX Release - B.11.11 PA-32\nApache Depot name - HPUXWSATW-B222-1111.depot\n \n\nMANUAL ACTIONS: Yes - Update \n\nInstall Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. 
It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \nhpuxwsWEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 2 February 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. 
\n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. 
HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\u00a9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -----------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0016\nSynopsis: VMware vCenter and ESX update release and vMA patch\n release address multiple security issue in third\n party components\nIssue date: 2009-11-20\nUpdated on: 2009-11-20 (initial release of advisory)\nCVE numbers: --- JRE ---\n CVE-2009-1093 CVE-2009-1094 CVE-2009-1095\n CVE-2009-1096 CVE-2009-1097 CVE-2009-1098\n CVE-2009-1099 CVE-2009-1100 CVE-2009-1101\n CVE-2009-1102 CVE-2009-1103 CVE-2009-1104\n CVE-2009-1105 CVE-2009-1106 CVE-2009-1107\n CVE-2009-2625 CVE-2009-2670 CVE-2009-2671\n CVE-2009-2672 CVE-2009-2673 CVE-2009-2675\n CVE-2009-2676 CVE-2009-2716 CVE-2009-2718\n CVE-2009-2719 CVE-2009-2720 CVE-2009-2721\n CVE-2009-2722 CVE-2009-2723 CVE-2009-2724\n --- Tomcat ---\n CVE-2008-5515 CVE-2009-0033 CVE-2009-0580\n CVE-2009-0781 CVE-2009-0783 CVE-2008-1232\n CVE-2008-1947 CVE-2008-2370 CVE-2007-5333\n CVE-2007-5342 CVE-2007-5461 CVE-2007-6286\n CVE-2008-0002\n --- ntp ---\n CVE-2009-1252 CVE-2009-0159\n --- kernel ---\n CVE-2008-3528 CVE-2008-5700 CVE-2009-0028\n CVE-2009-0269 CVE-2009-0322 CVE-2009-0675\n CVE-2009-0676 CVE-2009-0778 CVE-2008-4307\n CVE-2009-0834 CVE-2009-1337 CVE-2009-0787\n CVE-2009-1336 CVE-2009-1439 CVE-2009-1633\n CVE-2009-1072 CVE-2009-1630 CVE-2009-1192\n CVE-2007-5966 CVE-2009-1385 CVE-2009-1388\n CVE-2009-1389 CVE-2009-1895 CVE-2009-2406\n CVE-2009-2407 CVE-2009-2692 CVE-2009-2698\n CVE-2009-0745 CVE-2009-0746 CVE-2009-0747\n CVE-2009-0748 CVE-2009-2847 CVE-2009-2848\n --- python ---\n CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142\n CVE-2008-3143 CVE-2008-3144 CVE-2008-4864\n CVE-2008-5031\n --- bind ---\n CVE-2009-0696\n --- libxml and libxml2 ---\n CVE-2009-2414 CVE-2009-2416\n --- curl --\n CVE-2009-2417\n --- gnutil ---\n CVE-2007-2052\n- 
-----------------------------------------------------------------------\n\n1. Summary\n\n Updated Java JRE packages and Tomcat packages address several security\n issues. Updates for the ESX Service Console and vMA include kernel,\n ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is\n also updated for ESXi userworlds. \n\n2. Relevant releases\n\n vCenter Server 4.0 before Update 1\n\n ESXi 4.0 without patch ESXi400-200911201-UG\n\n ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG,\n ESX400-200911232-SG, ESX400-200911233-SG,\n ESX400-200911234-SG, ESX400-200911235-SG,\n ESX400-200911237-SG, ESX400-200911238-SG\n\n vMA 4.0 before patch 02\n\n3. Problem Description\n\n a. JRE Security Update\n\n JRE update to version 1.5.0_20, which addresses multiple security\n issues that existed in earlier releases of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\n CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,\n CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,\n CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n Server 2.0 any affected, patch pending\n Server 1.0 any not affected\n\n ACE any any not affected\n\n Fusion any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2 *\n\n * vMA JRE is updated to version JRE 1.5.0_21\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of JRE depends on your patch\n deployment history. \n\n\n b. Update Apache Tomcat version to 6.0.20\n\n Update for VirtualCenter and ESX patch update the Tomcat package to\n version 6.0.20 which addresses multiple security issues that existed\n in the previous version of Apache Tomcat. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580,\n CVE-2009-0781, CVE-2009-0783. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. 
\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,\n CVE-2007-6286, CVE-2008-0002. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ======== ======== ======= =======================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n ACE any Windows not affected\n\n Server 2.x any affected, patch pending\n Server 1.x any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of Tomcat depends on\n your patch deployment history. \n\n c. Third party library update for ntp. \n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the\n following security issue. Note that the same security issue is\n present in the ESX Service Console as described in section d. of\n this advisory. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. 
If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n The NTP security issue identified by CVE-2009-0159 is not relevant\n for ESXi 3.5 and ESXi 4.0. \n\n The following table lists what action remediates the vulnerability\n in this component (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 4.0 ESXi ESXi400-200911201-UG\n ESXi 3.5 ESXi affected, patch pending\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n d. Service Console update for ntp\n\n Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2\n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n The Service Console present in ESX is affected by the following\n security issues. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n NTP authentication is not enabled by default on the Service Console. 
\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n A buffer overflow flaw was found in the ntpq diagnostic command. A\n malicious, remote server could send a specially-crafted reply to an\n ntpq request that could crash ntpq or, potentially, execute\n arbitrary code with the privileges of the user running the ntpq\n command. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0159 to this issue. \n\n The following table lists what action remediates the vulnerability\n in the Service Console (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911238-SG\n ESX 3.5 ESX affected, patch pending **\n ESX 3.0.3 ESX affected, patch pending **\n ESX 2.5.5 ESX affected, patch pending **\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not\naffected\n by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a\n low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5. \n\n e. Updated Service Console package kernel\n\n Updated Service Console package kernel addresses the security\n issues below. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,\n CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,\n CVE-2009-0778 to the security issues fixed in kernel\n 2.6.18-128.1.6. 
\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,\n CVE-2009-0787, CVE-2009-1336 to the security issues fixed in\n kernel 2.6.18-128.1.10. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,\n CVE-2009-1630, CVE-2009-1192 to the security issues fixed in\n kernel 2.6.18-128.1.14. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,\n CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the\n security issues fixed in kernel 2.6.18-128.4.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2692, CVE-2009-2698 to the\n security issues fixed in kernel 2.6.18-128.7.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,\n CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues\n fixed in kernel 2.6.18-164. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911201-UG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n ESX 2.5.5 ESX not applicable\n\n vMA 4.0 RHEL5 Patch 2 **\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** vMA is updated to kernel version 2.6.18-164. \n\n f. Updated Service Console package python\n\n Service Console package Python update to version 2.4.3-24.el5. 
\n\n When the assert() system call was disabled, an input sanitization\n flaw was revealed in the Python string object implementation that\n led to a buffer overflow. The missing check for negative size values\n meant the Python memory allocator could allocate less memory than\n expected. This could result in arbitrary code execution with the\n Python interpreter\u0027s privileges. \n\n Multiple buffer and integer overflow flaws were found in the Python\n Unicode string processing and in the Python Unicode and string\n object implementations. An attacker could use these flaws to cause\n a denial of service. \n\n Multiple integer overflow flaws were found in the Python imageop\n module. If a Python application used the imageop module to\n process untrusted images, it could cause the application to\n disclose sensitive information, crash or, potentially, execute\n arbitrary code with the Python interpreter\u0027s privileges. \n\n Multiple integer underflow and overflow flaws were found in the\n Python snprintf() wrapper implementation. An attacker could use\n these flaws to cause a denial of service (memory corruption). \n\n Multiple integer overflow flaws were found in various Python\n modules. An attacker could use these flaws to cause a denial of\n service. \n\n An integer signedness error, leading to a buffer overflow, was\n found in the Python zlib extension module. If a Python application\n requested the negative byte count be flushed for a decompression\n stream, it could cause the application to crash or, potentially,\n execute arbitrary code with the Python interpreter\u0027s privileges. \n\n A flaw was discovered in the strxfrm() function of the Python\n locale module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data\n stored in the memory of a Python application using this function. 
\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143\n CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911235-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n g. Updated Service Console package bind\n\n Service Console package bind updated to version 9.3.6-4.P1.el5\n\n The Berkeley Internet Name Domain (BIND) is an implementation of the\n Domain Name System (DNS) protocols. BIND includes a DNS server\n (named); a resolver library (routines for applications to use when\n interfacing with DNS); and tools for verifying that the DNS server\n is operating correctly. \n\n A flaw was found in the way BIND handles dynamic update message\n packets containing the \"ANY\" record type. A remote attacker could\n use this flaw to send a specially-crafted dynamic update packet\n that could cause named to exit with an assertion failure. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0696 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911237-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n h. Updated Service Console package libxml2\n\n Service Console package libxml2 updated to version 2.6.26-2.1.2.8. \n\n libxml is a library for parsing and manipulating XML files. A\n Document Type Definition (DTD) defines the legal syntax (and also\n which elements can be used) for certain types of files, such as XML\n files. \n\n A stack overflow flaw was found in the way libxml processes the\n root XML document element definition in a DTD. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n Multiple use-after-free flaws were found in the way libxml parses\n the Notation and Enumeration attribute types. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2414 and CVE-2009-2416 to these\n issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911234-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n i. Updated Service Console package curl\n\n Service Console package curl updated to version 7.15.5-2.1.el5_3.5\n\n A cURL is affected by the previously published \"null prefix attack\",\n caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker\n could use the certificate during a man-in-the-middle attack and\n potentially confuse cURL into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2417 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911232-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n j. Updated Service Console package gnutls\n\n Service Console package gnutil updated to version 1.4.1-3.el5_3.5\n\n A flaw was discovered in the way GnuTLS handles NULL characters in\n certain fields of X.509 certificates. 
If an attacker is able to get\n a carefully-crafted certificate signed by a Certificate Authority\n trusted by an application using GnuTLS, the attacker could use the\n certificate during a man-in-the-middle attack and potentially\n confuse the application into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2730 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911233-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. 
\n\n\n VMware vCenter Server 4 Update 1\n --------------------------------\n Version 4.0 Update 1\n Build Number 208156\n Release Date 2009/11/19\n Type Product Binaries\n http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1\n\n VMware vCenter Server 4 and modules\n File size: 1.8 GB\n File type: .iso\n MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5\n SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1\n\n VMware vCenter Server 4 and modules\n File size: 1.5 GB\n File type: .zip\n MD5SUM: f843d9c19795eb3bc5a77f5c545468a8\n SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c\n\n VMware vSphere Client and Host Update Utility\n File size: 113.8 MB\n File type: .exe\n MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9\n SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959\n\n VMware vCenter Converter BootCD\n File size: 98.8 MB\n File type: .zip\n MD5SUM: 3df94eb0e93de76b0389132ada2a3799\n SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c\n\n VMware vCenter Converter CLI (Linux)\n File size: 36.9 MB\n File type: .tar.gz\n MD5SUM: 3766097563936ba5e03e87e898f6bd48\n SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4\n\n\n ESXi 4.0 Update 1\n -----------------\n ESXi400-200911201-UG\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip\n md5sum:c6fdd6722d9e5cacb280bdcc2cca0627\n sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e\n http://kb.vmware.com/kb/1014886\n\n NOTE: The three ESXi patches for Firmware, VMware Tools, and the\n VI Client \"C\" are contained in a single download file. \n\n\n ESX 4.0 Update 1\n ----------------\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip\n md5sum: 68934321105c34dcda4cbeeab36a2b8f\n sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b\n http://kb.vmware.com/kb/1014842\n\n To install an individual bulletin use esxupdate with the -b option. 
\n esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG\n -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG\n -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG\n -b ESX400-200911233-SG update\n\n\n5. References\n\n CVE numbers\n --- JRE ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724\n --- Tomcat ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002\n --- ntp ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159\n --- kernel ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848\n --- python ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031\n --- bind ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696\n --- libxml and libxml2 ---\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416\n --- curl --\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417\n --- gnutil ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-11-20 VMSA-2009-0016\nInitial security advisory after release of vCenter 4.0 Update 1 and\nESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/lifecycle/\n\nCopyright 2009 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.11 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+\ndtoAniXz+9xLskrkPr3oUzAcDeV729WG\n=wSRz\n-----END PGP SIGNATURE-----\n. 
\n\n\nAffected Products\n=================\nThe WiKID Strong Authentication Server - Enterprise Edition\nThe WiKID Strong Authentication Server - Community Edition\n\nReferences\n==========\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n\nMitigation\n==========\n\nCommercial users may download the most recent RPMs from the website:\nhttp://www.wikidsystems.com/downloads/\n\nUsers of the open source community version may download packages from\nSourceforge:\nhttps://sourceforge.net/project/showfiles.php?group_id=144774\n\n\n\n- --\nNick Owen\nWiKID Systems, Inc. \n404-962-8983 (desk)\nhttp://www.wikidsystems.com\nTwo-factor authentication, without the hassle factor. References\n\n Tomcat release notes\n tomcat.apache.org/security-5.html\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n\n- - ------------------------------------------------------------------------\n6. \n \n A cross-site scripting vulnerability was found in the\n HttpServletResponse.sendError() method which could allow a remote\n attacker to inject arbitrary web script or HTML via forged HTTP headers\n (CVE-2008-1232). \n \n A cross-site scripting vulnerability was found in the host manager\n application that could allow a remote attacker to inject arbitrary\n web script or HTML via the hostname parameter (CVE-2008-1947). 
\n \n A traversal vulnerability was found when the \u0027allowLinking\u0027 and\n \u0027URIencoding\u0027 settings were activated which could allow a remote attacker\n to use a UTF-8-encoded request to extend their privileges and obtain\n local files accessible to the Tomcat process (CVE-2008-2938). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 
2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 1ba4743762cfa4594a27f0393de47823 
2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm \n 2621d41df35e895a1ed0ed471f93f211 
2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8\nj+sCdAEJN0CXvurmFcjUvNU=\n=+kFf\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. 
\n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nNucleus XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15895\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15895/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNucleus 3.x\nhttp://secunia.com/product/3699/\n\nDESCRIPTION:\nA vulnerability has been reported in Nucleus, which can be exploited\nby malicious people to compromise a vulnerable system. \nhttp://sourceforge.net/project/showfiles.php?group_id=66479\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. HP has updated the Apache Tomcat and Oracle database software to\naddress vulnerabilities affecting confidentiality, availability, and\nintegrity. 
For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com", "sources": [ { "db": "NVD", "id": "CVE-2008-2370" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "BID", "id": "30494" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "38388" }, { "db": "PACKETSTORM", "id": "125436" } ], "trust": 3.51 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32137", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-2370" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-2370", "trust": 3.6 }, { "db": "BID", "id": "30494", "trust": 2.8 }, { "db": "SECUNIA", "id": "31381", "trust": 2.5 }, { "db": "SECUNIA", "id": "31379", "trust": 2.5 }, { "db": "SECTRACK", "id": "1020623", "trust": 2.5 }, { "db": "SECUNIA", "id": "33797", "trust": 1.7 }, { "db": "SECUNIA", "id": "31639", "trust": 1.7 }, { "db": "SECUNIA", "id": "36249", "trust": 1.7 }, { "db": "SECUNIA", "id": "37460", "trust": 1.7 }, { "db": "SECUNIA", "id": "31982", "trust": 1.7 }, { "db": "SECUNIA", "id": "32120", "trust": 1.7 }, { "db": "SECUNIA", "id": "35393", "trust": 1.7 }, { "db": "SECUNIA", 
"id": "32266", "trust": 1.7 }, { "db": "SECUNIA", "id": "32222", "trust": 1.7 }, { "db": "SECUNIA", "id": "33999", "trust": 1.7 }, { "db": "SECUNIA", "id": "31865", "trust": 1.7 }, { "db": "SECUNIA", "id": "57126", "trust": 1.7 }, { "db": "SECUNIA", "id": "31891", "trust": 1.7 }, { "db": "SECUNIA", "id": "34013", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-1535", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-0503", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2823", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2780", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-3316", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-0320", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-2215", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2305", "trust": 1.7 }, { "db": "BID", "id": "31681", "trust": 1.7 }, { "db": "SREASON", "id": "4099", "trust": 1.7 }, { "db": "SECUNIA", "id": "15895", "trust": 0.9 }, { "db": "SECUNIA", "id": "15810", "trust": 0.8 }, { "db": "SECUNIA", "id": "15922", "trust": 0.8 }, { "db": "SECUNIA", "id": "15852", "trust": 0.8 }, { "db": "SECUNIA", "id": "15855", "trust": 0.8 }, { "db": "SECUNIA", "id": "15861", "trust": 0.8 }, { "db": "SECUNIA", "id": "15862", "trust": 0.8 }, { "db": "SECUNIA", "id": "15872", "trust": 0.8 }, { "db": "SECUNIA", "id": "15883", "trust": 0.8 }, { "db": "SECUNIA", "id": "15884", "trust": 0.8 }, { "db": "BID", "id": "14088", "trust": 0.8 }, { "db": "SECTRACK", "id": "1014327", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#442845", "trust": 0.8 }, { "db": "XF", "id": "44156", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2008-001606", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200808-030", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "32137", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2008-2370", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "68743", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "74633", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82837", "trust": 0.1 }, { "db": "PACKETSTORM", "id": 
"70055", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125556", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "75161", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "69700", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "38388", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125436", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "38388" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "id": "VAR-200808-0011", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-29T22:25:20.272000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache Tomcat 5.5.SVN", "trust": 0.8, "url": "http://tomcat.apache.org/security-5.html" }, { "title": "Fixed in Apache Tomcat 6.0.18", "trust": 0.8, "url": "http://tomcat.apache.org/security-6.html" }, { "title": "Fixed in Apache Tomcat 4.1.SVN", "trust": 0.8, "url": "http://tomcat.apache.org/security-4.html" }, { "title": "APPLE-SA-2008-10-09 Security Update 2008-007", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { 
"title": "HT3216", "trust": 0.8, "url": "http://support.apple.com/en-us/HT3216" }, { "title": "HT3216", "trust": 0.8, "url": "http://support.apple.com/ja-jp/HT3216" }, { "title": "tomcat5-5.5.23-0jpp.7.1.1AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=156" }, { "title": "ASA-2008-401", "trust": 0.8, "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" }, { "title": "HPSBUX02401 SSRT090005", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01650939" }, { "title": "HPSBST02955 SSRT101157", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04047415" }, { "title": "1381", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1381" }, { "title": "NV09-012", "trust": 0.8, "url": "http://www.nec.co.jp/security-info/secinfo/nv09-012.html" }, { "title": "RHSA-2008:0648", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0648.html" }, { "title": "RHSA-2008:0862", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0862.html" }, { "title": "Multiple vulnerabilities in Oracle Java Web Console", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1" }, { "title": "251986", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1" }, { "title": "VMSA-2009-0002", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" }, { "title": "VMSA-2009-0016", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "title": "interstage_as_200902", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200902.html" }, { "title": "Red Hat: Important: jbossweb security update", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080877 - Security Advisory" }, { "title": "Red Hat: Important: tomcat security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080864 - Security Advisory" }, { "title": "Red Hat: Important: tomcat security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080862 - Security Advisory" }, { "title": "Red Hat: Low: tomcat security update for Red Hat Network Satellite Server", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20081007 - Security Advisory" }, { "title": "VMware Security Advisories: VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=73a787a1c84c97013ffa2f87f6d2e4ba" }, { "title": "VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=4675848a694e2124743f676a2c827ef7" } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": 
"http://www.securityfocus.com/bid/30494" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1020623" }, { "trust": 2.5, "url": "http://secunia.com/advisories/31379" }, { "trust": 2.5, "url": "http://secunia.com/advisories/31381" }, { "trust": 2.4, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0002.html" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/31681" }, { "trust": 2.3, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0016.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-4.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-6.html" }, { "trust": 2.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-401.htm" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31639" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0648.html" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:188" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00889.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00859.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31891" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00712.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31865" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0862.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0864.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html" }, { "trust": 
1.7, "url": "http://support.apple.com/kb/ht3216" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32222" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/4099" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31982" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33797" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32120" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32266" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/0503" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33999" }, { "trust": 1.7, "url": "http://secunia.com/advisories/34013" }, { "trust": 1.7, "url": "http://secunia.com/advisories/35393" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/1535" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/2215" }, { "trust": 1.7, "url": "http://secunia.com/advisories/36249" }, { "trust": 1.7, "url": "http://secunia.com/advisories/37460" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2780" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/0320" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2823" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2305" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "trust": 1.7, "url": "http://secunia.com/advisories/57126" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5876" }, { "trust": 1.7, "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10577" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2370" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15895/" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15852/" }, { "trust": 0.8, "url": "http://www.hardened-php.net/advisory-022005.php" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15861/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15862/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15884/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15883/" }, { "trust": 0.8, "url": 
"http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15855/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15810/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15872/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15922/" }, { "trust": 0.8, "url": "http://securitytracker.com/alerts/2005/jun/1014327.html" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/14088" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2008/2305" }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/44156" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2370" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1232" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1947" }, { "trust": 0.4, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2007-5342" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2009/000068.html" }, { "trust": 0.3, "url": "http://tomcat.apache.org/" }, { "trust": 0.3, "url": "http://www.redhat.com/docs/en-us/jboss_enterprise_application_platform/4.2.0.cp04/html-single/readme/index.html" }, { "trust": 0.3, "url": "https://sourceforge.net/project/shownotes.php?release_id=626903\u0026group_id=144774" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1" }, { "trust": 0.3, "url": "http://download.novell.com/download?buildid=n5vszfht1vs" }, { "trust": 0.3, "url": "/archive/1/495022" }, { "trust": 0.3, "url": "/archive/1/507985" }, { "trust": 0.3, "url": "http://mail-archives.apache.org/mod_mbox/ode-user/200908.mbox/%3cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb@mail.gmail.com%3e" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0648.html" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7006398" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2938" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5342" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6286" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461" }, { "trust": 0.2, "url": "http://enigmail.mozdev.org" }, { "trust": 0.2, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.2, "url": "http://www.vmware.com/security" }, { "trust": 0.2, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461" }, { "trust": 0.2, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.2, "url": "http://www.vmware.com/resources/techresources/726" }, { "trust": 0.2, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6286" }, { "trust": 0.2, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5333" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2938" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0002" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.2, "url": "http://www.hp.com" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": 
"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2008:0877" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/32137/" }, { "trust": 0.1, "url": "http://tomcat.apache.org/security.html" }, { "trust": 0.1, "url": "http://svn.apache.org/viewvc?rev=680949\u0026view=rev" }, { "trust": 0.1, "url": "http://host/page.jsp?blah=/../web-inf/web.xml" }, { "trust": 0.1, "url": "http://svn.apache.org/viewvc?rev=680950\u0026view=rev" }, { "trust": 0.1, "url": "http://software.hp.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939" }, { "trust": 0.1, 
"url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1630" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1102" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1099" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1098" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0745" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2671" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2671" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1096" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2052" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2315" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2416" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1101" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1094" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1099" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2724" }, { "trust": 0.1, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5031" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0159" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3143" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1439" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2716" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4864" }, { "trust": 0.1, "url": "http://downloads.vmware.com/download/download.do?downloadgroup=vc40u1" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1895" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3142" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3144" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2407" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2692" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2673" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1887" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2723" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0778" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2676" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1096" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1721" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2675" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1103" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1097" }, { "trust": 
0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1103" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1385" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2670" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1633" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0747" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1106" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1102" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2414" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4965" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0748" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0834" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1014842" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2847" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1097" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1105" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3528" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2406" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2720" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2625" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2417" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/lifecycle/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2670" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1106" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1337" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2722" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1094" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2698" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1107" }, { "trust": 0.1, "url": "https://hostupdate.vmware.com/software/vum/offline/release-155-20091116-013169/esxi-4.0.0-update01.zip" }, { "trust": 0.1, "url": "https://hostupdate.vmware.com/software/vum/offline/release-158-20091118-187517/esx-4.0.0-update01.zip" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1101" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1104" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1252" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1100" }, { "trust": 0.1, "url": "http://enigmail.mozdev.org/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0676" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0028" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0696" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1072" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1336" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1014886" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1104" }, { "trust": 0.1, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2721" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0269" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1098" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1107" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1192" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1100" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0002" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5700" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1389" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5966" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0322" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2719" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2625" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0787" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1105" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2848" }, { "trust": 0.1, "url": "http://www.wikidsystems.com" }, { "trust": 0.1, "url": "https://sourceforge.net/project/showfiles.php?group_id=144774" }, { "trust": 0.1, "url": "http://www.wikidsystems.com/downloads/" }, { "trust": 0.1, "url": "http://www.vmware.com/download/download.do?downloadgroup=vc250u4" }, { 
"trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/3699/" }, { "trust": 0.1, "url": "http://sourceforge.net/project/showfiles.php?group_id=66479" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "38388" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": 
"38388" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-07-06T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2008-08-04T00:00:00", "db": "VULMON", "id": "CVE-2008-2370" }, { "date": "2008-08-01T00:00:00", "db": "BID", "id": "30494" }, { "date": "2008-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "date": "2008-08-01T20:26:42", "db": "PACKETSTORM", "id": "68743" }, { "date": "2009-02-04T18:45:10", "db": "PACKETSTORM", "id": "74633" }, { "date": "2009-11-20T22:21:26", "db": "PACKETSTORM", "id": "82837" }, { "date": "2008-09-17T15:13:40", "db": "PACKETSTORM", "id": "70055" }, { "date": "2014-03-06T02:39:08", "db": "PACKETSTORM", "id": "125556" }, { "date": "2009-02-25T00:58:34", "db": "PACKETSTORM", "id": "75161" }, { "date": "2008-09-06T00:23:13", "db": "PACKETSTORM", "id": "69700" }, { "date": "2005-07-01T23:31:00", "db": "PACKETSTORM", "id": "38388" }, { "date": "2014-02-26T22:39:24", "db": "PACKETSTORM", "id": "125436" }, { "date": "2007-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-030" }, { "date": "2008-08-04T01:41:00", "db": "NVD", "id": "CVE-2008-2370" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-09T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2019-03-25T00:00:00", "db": "VULMON", "id": "CVE-2008-2370" }, { "date": "2015-05-07T17:17:00", "db": "BID", "id": "30494" }, { "date": "2015-03-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "date": "2023-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-030" }, { "date": "2024-11-21T00:46:43.897000", "db": "NVD", "id": "CVE-2008-2370" } ] }, "threat_type": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-030" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple PHP XML-RPC implementations vulnerable to code injection", "sources": [ { "db": "CERT/CC", "id": "VU#442845" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-030" } ], "trust": 0.6 } }
var-200706-0666
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-status page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if the server-status reporting feature is disabled. An attacker could execute malicious scripts. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. A separate issue could lead to a denial of service if using a threaded MPM (CVE-2007-1863). A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated (CVE-2007-3304).
Updated packages have been patched to prevent the above issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
Updated Packages:
Mandriva Linux 2007.0: 5f906bba3e1195f5ffbc3fcb2a6bde38 2007.0/i586/apache-base-2.2.3-1.1mdv2007.0.i586.rpm 83a4844cd98ef203958796ce280a71b2 2007.0/i586/apache-devel-2.2.3-1.1mdv2007.0.i586.rpm 2a6853cad61ca0548715486c5d4c8a23 2007.0/i586/apache-htcacheclean-2.2.3-1.1mdv2007.0.i586.rpm bebbc850c030be2ef87ce12d420fb825 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.i586.rpm 9e08e4738b304aab4f90f4f18aa5da45 2007.0/i586/apache-mod_cache-2.2.3-1.1mdv2007.0.i586.rpm 989d0538f7882277053f6d4c89ca581c 2007.0/i586/apache-mod_dav-2.2.3-1.1mdv2007.0.i586.rpm c1c0fc53dd811dd6176800226574efbf 2007.0/i586/apache-mod_dbd-2.2.3-1.1mdv2007.0.i586.rpm e68509c01d66b9d42e676e7974360154 2007.0/i586/apache-mod_deflate-2.2.3-1.1mdv2007.0.i586.rpm 5596cb5359b7919125fc10be83598445 2007.0/i586/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.i586.rpm d71b54240667224fd7da7fec4693c30b 2007.0/i586/apache-mod_file_cache-2.2.3-1.1mdv2007.0.i586.rpm 3571cab041e622f9399c57f377ac3fe3 2007.0/i586/apache-mod_ldap-2.2.3-1.1mdv2007.0.i586.rpm 598fdd7aad80fdc557142c5e9fc00677 2007.0/i586/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.i586.rpm f4ec774478f5d198ad2e3d3384a5ad83 2007.0/i586/apache-mod_proxy-2.2.3-1.1mdv2007.0.i586.rpm ab7726290be59f03a5ade2029a2b02f8 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.i586.rpm d72ab4173d51da4a0c1df63dbb52ccf5 2007.0/i586/apache-mod_ssl-2.2.3-1.1mdv2007.0.i586.rpm fcde0ec8b64d83402b53f926ec7fa835 2007.0/i586/apache-mod_userdir-2.2.3-1.1mdv2007.0.i586.rpm 58a0628d42d23c9aa5df6567789fad40 2007.0/i586/apache-modules-2.2.3-1.1mdv2007.0.i586.rpm 011487e1afdfb400419303182e5320c7 2007.0/i586/apache-mpm-prefork-2.2.3-1.1mdv2007.0.i586.rpm 7a755b22020153b44f8d00ba153d3d97 2007.0/i586/apache-mpm-worker-2.2.3-1.1mdv2007.0.i586.rpm ef6e11f0d26db492bc9fe83a2dbf53d7 2007.0/i586/apache-source-2.2.3-1.1mdv2007.0.i586.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 7c5408879073413fb27f2d40854813d0 2007.0/x86_64/apache-base-2.2.3-1.1mdv2007.0.x86_64.rpm c720f2a661616b0bf35bc353d14b9b3b 2007.0/x86_64/apache-devel-2.2.3-1.1mdv2007.0.x86_64.rpm 12164d6d70972cb9ed2fb6581e212bf1 2007.0/x86_64/apache-htcacheclean-2.2.3-1.1mdv2007.0.x86_64.rpm 5278f8d03ce9d59ec4929d4362b04bbe 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm 40c83185db12d04f4953a374b329ebb3 2007.0/x86_64/apache-mod_cache-2.2.3-1.1mdv2007.0.x86_64.rpm fe37fb1d4378c4bbcfd8d63bd57c3d4d 2007.0/x86_64/apache-mod_dav-2.2.3-1.1mdv2007.0.x86_64.rpm 0830bc5d1718a533e3358a45975596ce 2007.0/x86_64/apache-mod_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm e18c3a6a322258e73b87170766aa7882 2007.0/x86_64/apache-mod_deflate-2.2.3-1.1mdv2007.0.x86_64.rpm fc8c27067e6b04bd549fe0b95579ebaa 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.x86_64.rpm b31385db2199fd33eeb624c80e9d882a 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 08123786649152eab65e123c75db8e66 2007.0/x86_64/apache-mod_ldap-2.2.3-1.1mdv2007.0.x86_64.rpm 7de4b739d93683648209dcdc69dd5473 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 85fde2923d945f3849d77f806b8bc55d 2007.0/x86_64/apache-mod_proxy-2.2.3-1.1mdv2007.0.x86_64.rpm b68991944f2989b6d3f89f7272239d76 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.x86_64.rpm 19871683773211daa721957dc5dd565d 2007.0/x86_64/apache-mod_ssl-2.2.3-1.1mdv2007.0.x86_64.rpm 5cf2a97219d6789e4572da1ecddedf16 2007.0/x86_64/apache-mod_userdir-2.2.3-1.1mdv2007.0.x86_64.rpm feede872aaf0ca4bbd86ffe24455e9cd 2007.0/x86_64/apache-modules-2.2.3-1.1mdv2007.0.x86_64.rpm a00a35d4eba8f538cea741b2fc4079f4 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.1mdv2007.0.x86_64.rpm da86251e4417f068d2cafed30e380779 2007.0/x86_64/apache-mpm-worker-2.2.3-1.1mdv2007.0.x86_64.rpm ceb7fd32d3ad933ab6a914085f858911 2007.0/x86_64/apache-source-2.2.3-1.1mdv2007.0.x86_64.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.1: 9daef91724ded29a3c76e74c261f7766 2007.1/i586/apache-base-2.2.4-6.2mdv2007.1.i586.rpm 9288ee938a0853d6e0072f839c68c1c2 2007.1/i586/apache-devel-2.2.4-6.2mdv2007.1.i586.rpm 613a986f9f654f1ce3432ee6f6db2391 2007.1/i586/apache-htcacheclean-2.2.4-6.2mdv2007.1.i586.rpm 8e0eb376d851d1ddba8850d4233fc3d3 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.i586.rpm 24de68668efa15e4abaaffd690837256 2007.1/i586/apache-mod_cache-2.2.4-6.2mdv2007.1.i586.rpm 288866908d43959c4b31c368346ba65d 2007.1/i586/apache-mod_dav-2.2.4-6.2mdv2007.1.i586.rpm d25838ec739d7a0037148f573262f81c 2007.1/i586/apache-mod_dbd-2.2.4-6.2mdv2007.1.i586.rpm ebad14bcccb73c8f8a27e98a6982a6f1 2007.1/i586/apache-mod_deflate-2.2.4-6.2mdv2007.1.i586.rpm 810d445f2146848b582e798e368b32ab 2007.1/i586/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.i586.rpm 307de93279683b5b3e76ee6d971781cc 2007.1/i586/apache-mod_file_cache-2.2.4-6.2mdv2007.1.i586.rpm f59890e1bc38cfa598a4100705cf4cc6 2007.1/i586/apache-mod_ldap-2.2.4-6.2mdv2007.1.i586.rpm 098a05d1cbaa6bfa2d2707896dd6366c 2007.1/i586/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.i586.rpm 6504f5e57440ff07da16de3d928898f6 2007.1/i586/apache-mod_proxy-2.2.4-6.2mdv2007.1.i586.rpm adc3a611a780e23178e93a6cedf135d4 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.i586.rpm 659508a67fbe28b5dd9f861384ca1cf1 2007.1/i586/apache-mod_ssl-2.2.4-6.2mdv2007.1.i586.rpm 604eb70716d7e7b6bc6e8399cc4d9f5c 2007.1/i586/apache-mod_userdir-2.2.4-6.2mdv2007.1.i586.rpm 750d7cb431356abc88fe7a031f872b04 2007.1/i586/apache-modules-2.2.4-6.2mdv2007.1.i586.rpm 210be718db221db891452f05a001ee4e 2007.1/i586/apache-mpm-event-2.2.4-6.2mdv2007.1.i586.rpm 482e3d3af6756108c3e9a26ec2a8ac56 2007.1/i586/apache-mpm-itk-2.2.4-6.2mdv2007.1.i586.rpm b76ff4578c127ebd248b21a85a31140a 2007.1/i586/apache-mpm-prefork-2.2.4-6.2mdv2007.1.i586.rpm 2484dee8a4d4e7604a69abcd1b443954 2007.1/i586/apache-mpm-worker-2.2.4-6.2mdv2007.1.i586.rpm 9823f9b97e1829df97999494c3a3d453 
2007.1/i586/apache-source-2.2.4-6.2mdv2007.1.i586.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 4d043339268bff11fa07897ee3dc2988 2007.1/x86_64/apache-base-2.2.4-6.2mdv2007.1.x86_64.rpm afbae73f408fa95c9e4d25e3aa39583d 2007.1/x86_64/apache-devel-2.2.4-6.2mdv2007.1.x86_64.rpm d92c22ff28fcd919b3a8525f753066c3 2007.1/x86_64/apache-htcacheclean-2.2.4-6.2mdv2007.1.x86_64.rpm abe81d2effd6f4975accbdc8d25d089e 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 480d5c31af3289f26953a691f92e2a51 2007.1/x86_64/apache-mod_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 3feae93ade4038e67fcbaa691f2a74aa 2007.1/x86_64/apache-mod_dav-2.2.4-6.2mdv2007.1.x86_64.rpm b60eead7fe808fbc5eff6cb34f1de80b 2007.1/x86_64/apache-mod_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 023afee3221da629fd8e1d34006b7463 2007.1/x86_64/apache-mod_deflate-2.2.4-6.2mdv2007.1.x86_64.rpm 1180446c8cf65c196352006d6da00e17 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 0e8c2dfc0e42c23b0afbada9f8868bb6 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 32aa45f45b8893d6c23c6892b7ad7e62 2007.1/x86_64/apache-mod_ldap-2.2.4-6.2mdv2007.1.x86_64.rpm 15c20ffb5fdc8ab2a6fa92157c9f0536 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.x86_64.rpm f91fd6552f480eb36d030bb2e91d30b4 2007.1/x86_64/apache-mod_proxy-2.2.4-6.2mdv2007.1.x86_64.rpm 2c9d1e35af7adebaeb6284bf5da4dd5f 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.x86_64.rpm caa59aaba47c89d20e799a3f02271afd 2007.1/x86_64/apache-mod_ssl-2.2.4-6.2mdv2007.1.x86_64.rpm 8ac44f8c409ea29492a3acdc1eb44c7f 2007.1/x86_64/apache-mod_userdir-2.2.4-6.2mdv2007.1.x86_64.rpm 0f2198ec988390ff3b7843a1e7090517 2007.1/x86_64/apache-modules-2.2.4-6.2mdv2007.1.x86_64.rpm 2548664fde736f25acf59f46c847d1ff 2007.1/x86_64/apache-mpm-event-2.2.4-6.2mdv2007.1.x86_64.rpm 2434c402bae11969ddf5281f2f042d24 2007.1/x86_64/apache-mpm-itk-2.2.4-6.2mdv2007.1.x86_64.rpm 8a06ecd19726db033496a042c6a6be2f 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.2mdv2007.1.x86_64.rpm e8d339c397409391f3fb36f704c38c6c 
2007.1/x86_64/apache-mpm-worker-2.2.4-6.2mdv2007.1.x86_64.rpm 8a6f923428242f7aa1b4d489739e241b 2007.1/x86_64/apache-source-2.2.4-6.2mdv2007.1.x86_64.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm
Corporate 4.0: 74beb8d1579ce5d5f12c8b15981b6e63 corporate/4.0/i586/apache-base-2.2.3-1.1.20060mlcs4.i586.rpm 326a8259b0d99bc2938bfa6cd85743e7 corporate/4.0/i586/apache-devel-2.2.3-1.1.20060mlcs4.i586.rpm ca305d0928255a65814af781b345a056 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.1.20060mlcs4.i586.rpm 48c2b6a5ee11c3f011b1f6dc60a86479 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.i586.rpm b81a3077cb88a34af43a61ad6f2559ea corporate/4.0/i586/apache-mod_cache-2.2.3-1.1.20060mlcs4.i586.rpm ba5aee0b2a86182560e54f0cf4d360bd corporate/4.0/i586/apache-mod_dav-2.2.3-1.1.20060mlcs4.i586.rpm b696352106c5a0d1697385523455c767 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.1.20060mlcs4.i586.rpm e79f271f000dd7f3a009cca70fd7e4a2 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.1.20060mlcs4.i586.rpm c7bdb987f61099b64e751639ca02dd8a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.i586.rpm b0303fcc2f43bdcf25419dde56df2297 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.i586.rpm f818ff0f890abe230c92069f9d256e5c corporate/4.0/i586/apache-mod_ldap-2.2.3-1.1.20060mlcs4.i586.rpm 4247be23e42c368b3880c7ab5ac13c89 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.i586.rpm e50f1749935c96d3364bdce9af5d22bf corporate/4.0/i586/apache-mod_proxy-2.2.3-1.1.20060mlcs4.i586.rpm a619b4e0130d1db7f77a790fee0917a6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.i586.rpm 8170e0e77256f08d07b02119400a19f9 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.1.20060mlcs4.i586.rpm 4a5d94d4f94295efe48266a1d529486e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.1.20060mlcs4.i586.rpm 7c0c27197d6b44115366eac339c424f2 corporate/4.0/i586/apache-modules-2.2.3-1.1.20060mlcs4.i586.rpm 56351aafc723fdea2f2fac22d5046944 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.i586.rpm ccbb2f27b762b5dd564dc7a00aac6db0 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.1.20060mlcs4.i586.rpm a65137ff29ed6a1da1f894d19997faec 
corporate/4.0/i586/apache-source-2.2.3-1.1.20060mlcs4.i586.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 7a9b4f5b3fcf2cac67e4c38022ee2441 corporate/4.0/x86_64/apache-base-2.2.3-1.1.20060mlcs4.x86_64.rpm 5604ba341d957fbe6182bd2eb29a8e9d corporate/4.0/x86_64/apache-devel-2.2.3-1.1.20060mlcs4.x86_64.rpm 8983bda4bbe3b58f9c6c317531eb52b7 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.1.20060mlcs4.x86_64.rpm 9baf252cbc8ef8a093ed25e7a0daf25d corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm 26cc58bcbfd25a83c15051c8f590a36d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 941a32aea1b1b3bca1ae343d5d925892 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.1.20060mlcs4.x86_64.rpm 1d79a7b921ce150de88e22ffbaba4b31 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm d80b9ffca3dd024e73d069e55ba7fa3e corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.1.20060mlcs4.x86_64.rpm 7a7a11645680a7bee9cf88b166b0d32f corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm fcc85c0f9faf1fa08a01f3d4ecb68033 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 55789d16ff565bcd31dfa522435d4d4b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.1.20060mlcs4.x86_64.rpm 7ee708824d65878b71ede35e139ac94d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm e8579835f848cade641da14354196497 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.1.20060mlcs4.x86_64.rpm 6a1e70a638aecf603f3bc2485d14bd78 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.x86_64.rpm 212f40574d0821b909972ebc36fb697a corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.1.20060mlcs4.x86_64.rpm 32a8dd886e42c8093be05c9ee4d31855 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.1.20060mlcs4.x86_64.rpm 265bccd86baa7fca942f1c6d4d694523 corporate/4.0/x86_64/apache-modules-2.2.3-1.1.20060mlcs4.x86_64.rpm babdb585a6c754f23d91c41fc844a5e2 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.x86_64.rpm 63274f5c5dc3897d0062f621b1c63e0e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.1.20060mlcs4.x86_64.rpm 
18782a1fcbcb760d36162ce830ac4cdd corporate/4.0/x86_64/apache-source-2.2.3-1.1.20060mlcs4.x86_64.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS Re00IyLecNs4MIGgsrv2qJE= =5EEm -----END PGP SIGNATURE-----
.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.2.6 *>= 2.0.59-r5 >= 2.2.6
Description
Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).
Impact
A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"
References
[ 1 ] CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 [ 2 ] CVE-2007-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862 [ 3 ] CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 [ 4 ] CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [ 5 ] CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 [ 6 ] CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Summary
Updated VMware Hosted products address security issues in libpng and the Apache HTTP Server.
- Relevant releases
VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier
- Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any 6.5.3 build 185404 or later
Player 2.5.x any 2.5.3 build 185404 or later
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b. Apache HTTP Server updated to 2.0.63
The new version of ACE updates the Apache HTTP Server on Windows
hosts to version 2.0.63 which addresses multiple security issues
that existed in the previous versions of this server.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any not affected
Player 2.5.x any not affected
ACE 2.5.x Windows 2.5.3 build 185404 or later
ACE 2.5.x Linux update Apache on host system *
Server 2.x any not affected
Server 1.x any not affected
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host. Update the Apache HTTP Server on the host system to version
2.0.63 in order to remediate the vulnerabilities listed above.
- Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e
Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5
Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb
Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542
VMware Player 2.5.3
http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html
Player for Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e
Player for Linux (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b
Player for Linux - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974
Player for Linux - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4
VMware ACE 2.5.3
http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1
VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
- Change log
2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved.
TITLE: Hitachi Web Server Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA27421
VERIFY ADVISORY: http://secunia.com/advisories/27421/
CRITICAL: Less critical
IMPACT: Security Bypass, Cross Site Scripting
WHERE:
From remote
SOFTWARE: uCosminexus Application Server http://secunia.com/product/13819/ Hitachi Web Server 3.x http://secunia.com/product/13335/ Hitachi Web Server 2.x http://secunia.com/product/13334/ Hitachi Web Server 1.x http://secunia.com/product/13333/
DESCRIPTION: Some vulnerabilities have been reported in the Hitachi Web Server, which can be exploited by malicious people to bypass certain security restrictions or conduct cross-site scripting attacks.
1) An error exists within the handling of SSL requests. This can be exploited to trick a vulnerable server into accepting a forged signature.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html
About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01178795 Version: 1
HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-02 Last Updated: 2007-10-02
Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.
References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache
BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision A.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/
For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01
action: install revision B.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.
MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-499-1 August 16, 2007 apache2 vulnerabilities CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.2 apache2-mpm-prefork 2.0.55-4ubuntu2.2 apache2-mpm-worker 2.0.55-4ubuntu2.2
Ubuntu 6.10: apache2-common 2.0.55-4ubuntu4.1 apache2-mpm-prefork 2.0.55-4ubuntu4.1 apache2-mpm-worker 2.0.55-4ubuntu4.1
Ubuntu 7.04: apache2-mpm-prefork 2.2.3-3.2ubuntu0.1 apache2-mpm-worker 2.2.3-3.2ubuntu0.1 apache2.2-common 2.2.3-3.2ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. (CVE-2006-5752)
Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863)
A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz
Size/MD5: 115882 e94e45574e3b131d3a9a0e07e193f1e5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc
Size/MD5: 1148 c2bc143625fbf8ca59fea300845c5a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb
Size/MD5: 2124364 9b8ca5d5757c63f5ee6bbd507f0a8357
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 833000 be4c7770c725f5f4401ca06d1347211f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 227832 41c12dfe84f109e6544a33e4e1d791a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 222934 7e4d072bad27239e366a6eda94c09190
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 227576 8fc59f78a3fa0e5d6dac81e875039bda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 171082 4318f93373b705563251f377ed398614
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 171860 257f4183d70be5a00546c39c5a18f108
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 93916 695cee55f91ceb9424abe31d8b6ee1dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 35902 00c1082a77ff1d863f72874c4472a26d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 285336 0a8510634b21f56f0d9619aa6fc9cec9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 143952 d75f83ac219bce95a15a8f44b82b8ea7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 786186 4e78fa0d438867194f66b11b4eb6fc2e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 202448 74cf60884e18c1fc93f157010a15b12c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 198456 209a0b92995fec453ed4c2c181e3e555
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 202038 6cbd437caf993fa2b2b38369cd3d5863
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 171074 0a5a26aa58af7aa2d51d1cf5d7c543d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 171848 af9ca78febc5bc0c7936296dab958349
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 91884 2857d60b507b28c736f83815c9f3d1b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 35906 202b5b233af0d26e29ca7302cf7fd04c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 261418 c90342706ac26682d15032a5ba5cb51a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 131850 951a4573901bc2f10d5febf940d57516
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 859126 afdd8642ca447fc9dc70dfed92be0fa6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 219898 6d9c9f924d2356bf9d3438a280870a7d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 215602 dd554132cdea0f860e01cf5d4e0dbc7c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 219378 7a1f4b325dacef287c901fa66680c04e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 171096 a0e2547d38ef1b84dc419d69e42ffa0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 171864 200ab662b2c13786658486df37fda881
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 103628 ae36642fbd4698bb362fa4bf9417b0e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 35910 358027282f2f19451d3aa784dc0474dc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 280950 0d9b56ec076da25e2a03f6d3c6445057
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 141074 f5d3d5e0e5911e0c0156ae55af50f87b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 803440 d66da6a91c08956c3c5062668349ef41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 209970 57f0a8f823a4502ee9a2608e3181cc81
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 205582 1dcfb0df796e85c409f614544ea589fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 209330 6bf7ae824eea35d3487febef384fce91
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 171080 1088337f4abcb6c8f65751b6120c2307
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 171868 5cda04cd73a9c6d8dfc18abd55c09ebd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 92972 850ab3bb0904e8fe9b6255c42ba7f84c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 35904 7af260b95c4faa17ef34810fed888caf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 267550 08182a8a2cab00fc0e6bca2cccf5165f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 129760 a60606c6d2f12209b0bdae997be4a13f
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz
Size/MD5: 116265 2732761b18dfb3c2cd1aa0b54c2cf623
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc
Size/MD5: 1148 4b9c4612469c521db0c5fdbe2f6b9b25
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb
Size/MD5: 2124550 8d5c30342b35f9fd595fb09d7659b6fc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 836342 2c4ba483b0b20fdc2d43819109177941
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 227390 e61cc1998f5b8f2c44dce587e59d288a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 222376 6bdbff7f7f80fd464d1e3ec52d6e7171
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 226848 4356b4caf2b40f364c8893c41b9f9355
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 171304 c4395af051e876228541ef5b8037d979
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 172074 99dadc4ad0f0947f9368d89f4589d95a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 94204 30f3bb8c72575fe93940ecc730b8e4b6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 36152 ea3cbefcbee7e2f6e5555edb44733ad9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 286544 d555931490d44d93bec31c4bfc19ed12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 145014 3e06ceb0a55598d82f9f781c44e210b3
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 806938 050bb7665332d3761e1a8e47939fa507
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 209556 ee530b24aba8838001ebb6c901bc90cd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 205718 b52a17c63909eae3c49bad0ab1958f4b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 209158 1844fa5e09224a90944f8b886ddb5a2a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 171296 9de8aba41f7e3d60f41536ca712adebb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 172078 01ccd554177364747b08e2933f121d2c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 93240 4573597317416869646eb2ea42cd0945
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 36150 77666d65bade6a91bd58826c79f11dc9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 266390 a3963d8e76f6865404f7fadb47880c87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 137604 387f6bcdaa58dbbe53082241b3231844
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 865372 27d7f1de1fcb2114d3f3b0a774302488
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 221542 1ae8fa5cf4b77f3b2aa054e2886e587e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 217044 9134983c40107f79fcac8d1eacbc7117
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 221324 b435dc09c63ecbcd564a0923a8f07350
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 171296 6d2a0abfb7a1daaeae56559eeb322dcb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 172064 ecc2037409554ea43c5a6848aa510c76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 104654 d0957d8df044c4a34437241792ed97d1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 36148 34e102e1d2e1c6a6f31801dfb98cb82a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 284548 c8f325ccc42cbe77191d4ddd9abc2a4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 144238 82cfbfcec5fc4931078145af8947c035
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 811594 d8548e537fd81994bbb638e105dfbf8b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 212160 81cd0197ff89b79c967c1074ede9f8d7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 207870 5d80ed8dc39b0d4d59fccb747624a684
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 211578 9407383d85db831dab728b39cce9acc8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 171294 5e4d695a99bdc1fdfb0bfcef8b91d03d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 172064 06e3e765d799e281dba7329ff9d9e138
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 93796 1048b47b289fb2047fa9ac7ebbe94a57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 36150 0d106a177aa4271b1cfc0e96eec1a748
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 268444 3912123e7c71cc638132305ca89fe23b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 130626 f4444e0239c2da7d3c31e3486606f95a
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz
Size/MD5: 112120 f7b1a17718aed7ca73da3a6d7aad06b0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc
Size/MD5: 1128 e82b1bee591fff50d6673ed1a443e543
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 2199184 c03756f87cb164213428532f70e0c198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 272064 5be351f491f8d1aae9a270d1214e93e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 6674104 bdbabf8f478562f0e003737e977ffc7b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 38668 9f0c7c01e8441285c084002eb4619065
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 449624 1b54a8000c40eaaa0f9e31527b9bb180
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 445346 d15625641a3247fbf5d9d9b9aed34968
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 449208 55f39c28a4de98d53f80231aeb7d6c59
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 403570 0042c75be8a2d128d62b79398deaefa8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 404138 929772b95ea67f338ad423a65b2b7011
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 341312 906819b0de863209575aa65d39a594a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 971462 f85e32c5f6437ce149553aee97ffd934
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 428856 f506f2a9dd2dbd5c2d3f72a476cc3537
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 432314 a5a11947ad8cf14604efa7ddcfd20bfe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 403574 da84a3a99276f14a11ac892ce7eee170
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 404138 0fdd43a53e6957aa3a348a7bd9c876f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 340396 88a0ddbc58335416d91c9f10adc9d5f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 929716 138d58487b882e6002e3c5e4a9489add
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 451530 ddc437092ef642fcd396713cd1972f4c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 446960 af1b667708e062f81bca4e995355394d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 450940 ed9f31ec5045a88446115987c6e97655
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 403574 65801ab51335a15dc370b9341a0e50dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 404146 fd35e65fadd836feb0190b209947b466
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 360518 b74bc9eead429cd8f0ebecd6a94e5edb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 1073812 376fe5b1ee383a6d870eea5dd3c6a704
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 434408 c70ef2e9aed191fe53886ceb3725596e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 430574 7b690896da23a151ee5e106d596c1143
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 433918 cc01edfcfc673ba9a86c83fcc66e6870
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 403568 a7660cff70394403c764cf8f30c7298a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 404136 b8587d5eba0be59a6576d6cf645b2122
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 343370 1572a001a612add57d23350210ac1736
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 938586 b74a91fcfbb0503355e94981310bd1ce
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200706-0666", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "cosminexus server - web edition", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus server - standard edition", "scope": null, "trust": 1.6, "vendor": 
"hitachi", "version": null }, { "model": "cosminexus application server version 5", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus server - standard edition version 4", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer version 5", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus server - web edition version 4", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.6, "vendor": "hitachi", "version": "version 6" }, { "model": "ucosminexus application server standard", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.6, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 1.6, "vendor": "hitachi", "version": "professional" }, { "model": "cosminexus server - 
enterprise edition", "scope": null, "trust": 1.6, "vendor": "hitachi", "version": null }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "2.0.47" }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "1.3.28.1" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "6.06" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "1.3.39" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "6.10" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "7.04" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "1.3.2" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.0.61" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 
1.0, "vendor": "redhat", "version": "5.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.5" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.0.59 and earlier" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "turbolinux fuji", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "1.3.37 and earlier" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (es)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.0.13" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (as)" }, { "model": "solaris", "scope": "eq", "trust": 
0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.2.4 and earlier" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (sparc)" }, { "model": "linux advanced workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1" }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "http server", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "version" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (x86)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (ws)" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0.2.23" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "2.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { 
"model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (es)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10 (x64)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (ws)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.2" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.1" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "ace", 
"scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0x86" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0.0x64" }, { "model": "fuji", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" }, { "model": "appliance server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "2.0" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0.5" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", 
"version": "3.0" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "2.2" }, { "model": "operating system enterprise server", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "2.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "linux enterprise sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.3" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 8 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 8 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "propack sp6", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "3.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux professional oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux personal oss", "scope": "eq", "trust": 0.3, "vendor": "s 
u s e", "version": "10.0" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)4.2" }, { "model": "network proxy (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3)4.2" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux ws ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux es ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.0" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "advanced workstation for the itanium processor ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "advanced workstation for the itanium processor", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "hat red hat network satellite server", "scope": 
"eq", "trust": 0.3, "vendor": "red", "version": "5.0" }, { "model": "hat network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "3)4.2" }, { "model": "hat network proxy (for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4)5.0" }, { "model": "hat network proxy (for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4)4.2" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "3" }, { "model": "hat enterprise linux as ia64", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "2.1" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "2.1" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": 
"4.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.13" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.47.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.42.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.42.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.42" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.28" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.26.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.26.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.26" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.19.5" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.19.4" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.19.3" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.19.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.19.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.19" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.12.7" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.12.6" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.12.5" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.12.4" }, { "model": "http server", "scope": "eq", "trust": 0.3, 
"vendor": "ibm", "version": "1.3.12.3" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.12.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.12.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.12" }, { "model": "http server win32", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.6" }, { "model": "http server win32", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.6.4" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.6.3" }, { "model": "http server win32", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.6.2" }, { "model": "http server unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.6.2" }, { "model": "http server win32", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.12" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.58" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", 
"version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage apworks enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server standard edition", "scope": 
"eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": 
"7.0" }, { "model": "interstage application server enterprise edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "messaging storage server mm3.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "message networking", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.3" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "software foundation apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "software foundation apache 2.3.38-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "software foundation apache 2.0.60-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null } ], "sources": [ { "db": "BID", "id": "24645" }, { "db": "JVNDB", "id": "JVNDB-2007-000478" }, { "db": "JVNDB", "id": "JVNDB-2007-000773" }, { "db": "NVD", "id": "CVE-2006-5752" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": 
"@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_standard_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:hitachi:cosminexus_server_-_web_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000478" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stefan Esser is credited with the discovery of this vulnerability.", "sources": [ { "db": "BID", "id": "24645" } ], "trust": 0.3 }, "cve": "CVE-2006-5752", "cvss": { "@context": { "cvssV2": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2006-5752", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2007-000773", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2006-5752", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2006-5752", "trust": 0.8, "value": "Medium" }, { "author": "IPA", "id": "JVNDB-2007-000773", "trust": 0.8, "value": "Medium" }, { "author": "VULMON", "id": "CVE-2006-5752", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2006-5752" }, { "db": "JVNDB", "id": 
"JVNDB-2007-000478" }, { "db": "JVNDB", "id": "JVNDB-2007-000773" }, { "db": "NVD", "id": "CVE-2006-5752" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified. When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if the server-status reporting feature is disabled.An attacker could execute malicious scripts. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This could lead to a denial of service\n if using a threaded MPM (CVE-2007-1863). A local attacker with the\n ability to run scripts on the server could manipulate the scoreboard\n and cause arbitrary processes to be terminated (CVE-2007-3304). \n \n Updated packages have been patched to prevent the above issues. 
\n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 5f906bba3e1195f5ffbc3fcb2a6bde38 2007.0/i586/apache-base-2.2.3-1.1mdv2007.0.i586.rpm\n 83a4844cd98ef203958796ce280a71b2 2007.0/i586/apache-devel-2.2.3-1.1mdv2007.0.i586.rpm\n 2a6853cad61ca0548715486c5d4c8a23 2007.0/i586/apache-htcacheclean-2.2.3-1.1mdv2007.0.i586.rpm\n bebbc850c030be2ef87ce12d420fb825 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.i586.rpm\n 9e08e4738b304aab4f90f4f18aa5da45 2007.0/i586/apache-mod_cache-2.2.3-1.1mdv2007.0.i586.rpm\n 989d0538f7882277053f6d4c89ca581c 2007.0/i586/apache-mod_dav-2.2.3-1.1mdv2007.0.i586.rpm\n c1c0fc53dd811dd6176800226574efbf 2007.0/i586/apache-mod_dbd-2.2.3-1.1mdv2007.0.i586.rpm\n e68509c01d66b9d42e676e7974360154 2007.0/i586/apache-mod_deflate-2.2.3-1.1mdv2007.0.i586.rpm\n 5596cb5359b7919125fc10be83598445 2007.0/i586/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.i586.rpm\n d71b54240667224fd7da7fec4693c30b 2007.0/i586/apache-mod_file_cache-2.2.3-1.1mdv2007.0.i586.rpm\n 3571cab041e622f9399c57f377ac3fe3 2007.0/i586/apache-mod_ldap-2.2.3-1.1mdv2007.0.i586.rpm\n 598fdd7aad80fdc557142c5e9fc00677 2007.0/i586/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.i586.rpm\n f4ec774478f5d198ad2e3d3384a5ad83 2007.0/i586/apache-mod_proxy-2.2.3-1.1mdv2007.0.i586.rpm\n ab7726290be59f03a5ade2029a2b02f8 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.i586.rpm\n d72ab4173d51da4a0c1df63dbb52ccf5 2007.0/i586/apache-mod_ssl-2.2.3-1.1mdv2007.0.i586.rpm\n fcde0ec8b64d83402b53f926ec7fa835 2007.0/i586/apache-mod_userdir-2.2.3-1.1mdv2007.0.i586.rpm\n 58a0628d42d23c9aa5df6567789fad40 2007.0/i586/apache-modules-2.2.3-1.1mdv2007.0.i586.rpm\n 
011487e1afdfb400419303182e5320c7 2007.0/i586/apache-mpm-prefork-2.2.3-1.1mdv2007.0.i586.rpm\n 7a755b22020153b44f8d00ba153d3d97 2007.0/i586/apache-mpm-worker-2.2.3-1.1mdv2007.0.i586.rpm\n ef6e11f0d26db492bc9fe83a2dbf53d7 2007.0/i586/apache-source-2.2.3-1.1mdv2007.0.i586.rpm \n 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 7c5408879073413fb27f2d40854813d0 2007.0/x86_64/apache-base-2.2.3-1.1mdv2007.0.x86_64.rpm\n c720f2a661616b0bf35bc353d14b9b3b 2007.0/x86_64/apache-devel-2.2.3-1.1mdv2007.0.x86_64.rpm\n 12164d6d70972cb9ed2fb6581e212bf1 2007.0/x86_64/apache-htcacheclean-2.2.3-1.1mdv2007.0.x86_64.rpm\n 5278f8d03ce9d59ec4929d4362b04bbe 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm\n 40c83185db12d04f4953a374b329ebb3 2007.0/x86_64/apache-mod_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n fe37fb1d4378c4bbcfd8d63bd57c3d4d 2007.0/x86_64/apache-mod_dav-2.2.3-1.1mdv2007.0.x86_64.rpm\n 0830bc5d1718a533e3358a45975596ce 2007.0/x86_64/apache-mod_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm\n e18c3a6a322258e73b87170766aa7882 2007.0/x86_64/apache-mod_deflate-2.2.3-1.1mdv2007.0.x86_64.rpm\n fc8c27067e6b04bd549fe0b95579ebaa 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n b31385db2199fd33eeb624c80e9d882a 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n 08123786649152eab65e123c75db8e66 2007.0/x86_64/apache-mod_ldap-2.2.3-1.1mdv2007.0.x86_64.rpm\n 7de4b739d93683648209dcdc69dd5473 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n 85fde2923d945f3849d77f806b8bc55d 2007.0/x86_64/apache-mod_proxy-2.2.3-1.1mdv2007.0.x86_64.rpm\n b68991944f2989b6d3f89f7272239d76 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.x86_64.rpm\n 19871683773211daa721957dc5dd565d 2007.0/x86_64/apache-mod_ssl-2.2.3-1.1mdv2007.0.x86_64.rpm\n 5cf2a97219d6789e4572da1ecddedf16 2007.0/x86_64/apache-mod_userdir-2.2.3-1.1mdv2007.0.x86_64.rpm\n feede872aaf0ca4bbd86ffe24455e9cd 
2007.0/x86_64/apache-modules-2.2.3-1.1mdv2007.0.x86_64.rpm\n a00a35d4eba8f538cea741b2fc4079f4 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.1mdv2007.0.x86_64.rpm\n da86251e4417f068d2cafed30e380779 2007.0/x86_64/apache-mpm-worker-2.2.3-1.1mdv2007.0.x86_64.rpm\n ceb7fd32d3ad933ab6a914085f858911 2007.0/x86_64/apache-source-2.2.3-1.1mdv2007.0.x86_64.rpm \n 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n 9daef91724ded29a3c76e74c261f7766 2007.1/i586/apache-base-2.2.4-6.2mdv2007.1.i586.rpm\n 9288ee938a0853d6e0072f839c68c1c2 2007.1/i586/apache-devel-2.2.4-6.2mdv2007.1.i586.rpm\n 613a986f9f654f1ce3432ee6f6db2391 2007.1/i586/apache-htcacheclean-2.2.4-6.2mdv2007.1.i586.rpm\n 8e0eb376d851d1ddba8850d4233fc3d3 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.i586.rpm\n 24de68668efa15e4abaaffd690837256 2007.1/i586/apache-mod_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 288866908d43959c4b31c368346ba65d 2007.1/i586/apache-mod_dav-2.2.4-6.2mdv2007.1.i586.rpm\n d25838ec739d7a0037148f573262f81c 2007.1/i586/apache-mod_dbd-2.2.4-6.2mdv2007.1.i586.rpm\n ebad14bcccb73c8f8a27e98a6982a6f1 2007.1/i586/apache-mod_deflate-2.2.4-6.2mdv2007.1.i586.rpm\n 810d445f2146848b582e798e368b32ab 2007.1/i586/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 307de93279683b5b3e76ee6d971781cc 2007.1/i586/apache-mod_file_cache-2.2.4-6.2mdv2007.1.i586.rpm\n f59890e1bc38cfa598a4100705cf4cc6 2007.1/i586/apache-mod_ldap-2.2.4-6.2mdv2007.1.i586.rpm\n 098a05d1cbaa6bfa2d2707896dd6366c 2007.1/i586/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 6504f5e57440ff07da16de3d928898f6 2007.1/i586/apache-mod_proxy-2.2.4-6.2mdv2007.1.i586.rpm\n adc3a611a780e23178e93a6cedf135d4 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.i586.rpm\n 659508a67fbe28b5dd9f861384ca1cf1 2007.1/i586/apache-mod_ssl-2.2.4-6.2mdv2007.1.i586.rpm\n 604eb70716d7e7b6bc6e8399cc4d9f5c 2007.1/i586/apache-mod_userdir-2.2.4-6.2mdv2007.1.i586.rpm\n 750d7cb431356abc88fe7a031f872b04 
2007.1/i586/apache-modules-2.2.4-6.2mdv2007.1.i586.rpm\n 210be718db221db891452f05a001ee4e 2007.1/i586/apache-mpm-event-2.2.4-6.2mdv2007.1.i586.rpm\n 482e3d3af6756108c3e9a26ec2a8ac56 2007.1/i586/apache-mpm-itk-2.2.4-6.2mdv2007.1.i586.rpm\n b76ff4578c127ebd248b21a85a31140a 2007.1/i586/apache-mpm-prefork-2.2.4-6.2mdv2007.1.i586.rpm\n 2484dee8a4d4e7604a69abcd1b443954 2007.1/i586/apache-mpm-worker-2.2.4-6.2mdv2007.1.i586.rpm\n 9823f9b97e1829df97999494c3a3d453 2007.1/i586/apache-source-2.2.4-6.2mdv2007.1.i586.rpm \n ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 4d043339268bff11fa07897ee3dc2988 2007.1/x86_64/apache-base-2.2.4-6.2mdv2007.1.x86_64.rpm\n afbae73f408fa95c9e4d25e3aa39583d 2007.1/x86_64/apache-devel-2.2.4-6.2mdv2007.1.x86_64.rpm\n d92c22ff28fcd919b3a8525f753066c3 2007.1/x86_64/apache-htcacheclean-2.2.4-6.2mdv2007.1.x86_64.rpm\n abe81d2effd6f4975accbdc8d25d089e 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm\n 480d5c31af3289f26953a691f92e2a51 2007.1/x86_64/apache-mod_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 3feae93ade4038e67fcbaa691f2a74aa 2007.1/x86_64/apache-mod_dav-2.2.4-6.2mdv2007.1.x86_64.rpm\n b60eead7fe808fbc5eff6cb34f1de80b 2007.1/x86_64/apache-mod_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm\n 023afee3221da629fd8e1d34006b7463 2007.1/x86_64/apache-mod_deflate-2.2.4-6.2mdv2007.1.x86_64.rpm\n 1180446c8cf65c196352006d6da00e17 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 0e8c2dfc0e42c23b0afbada9f8868bb6 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 32aa45f45b8893d6c23c6892b7ad7e62 2007.1/x86_64/apache-mod_ldap-2.2.4-6.2mdv2007.1.x86_64.rpm\n 15c20ffb5fdc8ab2a6fa92157c9f0536 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n f91fd6552f480eb36d030bb2e91d30b4 2007.1/x86_64/apache-mod_proxy-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2c9d1e35af7adebaeb6284bf5da4dd5f 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.x86_64.rpm\n 
caa59aaba47c89d20e799a3f02271afd 2007.1/x86_64/apache-mod_ssl-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8ac44f8c409ea29492a3acdc1eb44c7f 2007.1/x86_64/apache-mod_userdir-2.2.4-6.2mdv2007.1.x86_64.rpm\n 0f2198ec988390ff3b7843a1e7090517 2007.1/x86_64/apache-modules-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2548664fde736f25acf59f46c847d1ff 2007.1/x86_64/apache-mpm-event-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2434c402bae11969ddf5281f2f042d24 2007.1/x86_64/apache-mpm-itk-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8a06ecd19726db033496a042c6a6be2f 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.2mdv2007.1.x86_64.rpm\n e8d339c397409391f3fb36f704c38c6c 2007.1/x86_64/apache-mpm-worker-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8a6f923428242f7aa1b4d489739e241b 2007.1/x86_64/apache-source-2.2.4-6.2mdv2007.1.x86_64.rpm \n ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm\n\n Corporate 4.0:\n 74beb8d1579ce5d5f12c8b15981b6e63 corporate/4.0/i586/apache-base-2.2.3-1.1.20060mlcs4.i586.rpm\n 326a8259b0d99bc2938bfa6cd85743e7 corporate/4.0/i586/apache-devel-2.2.3-1.1.20060mlcs4.i586.rpm\n ca305d0928255a65814af781b345a056 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.1.20060mlcs4.i586.rpm\n 48c2b6a5ee11c3f011b1f6dc60a86479 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.i586.rpm\n b81a3077cb88a34af43a61ad6f2559ea corporate/4.0/i586/apache-mod_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n ba5aee0b2a86182560e54f0cf4d360bd corporate/4.0/i586/apache-mod_dav-2.2.3-1.1.20060mlcs4.i586.rpm\n b696352106c5a0d1697385523455c767 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.1.20060mlcs4.i586.rpm\n e79f271f000dd7f3a009cca70fd7e4a2 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.1.20060mlcs4.i586.rpm\n c7bdb987f61099b64e751639ca02dd8a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n b0303fcc2f43bdcf25419dde56df2297 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n f818ff0f890abe230c92069f9d256e5c corporate/4.0/i586/apache-mod_ldap-2.2.3-1.1.20060mlcs4.i586.rpm\n 
4247be23e42c368b3880c7ab5ac13c89 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n e50f1749935c96d3364bdce9af5d22bf corporate/4.0/i586/apache-mod_proxy-2.2.3-1.1.20060mlcs4.i586.rpm\n a619b4e0130d1db7f77a790fee0917a6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.i586.rpm\n 8170e0e77256f08d07b02119400a19f9 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.1.20060mlcs4.i586.rpm\n 4a5d94d4f94295efe48266a1d529486e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.1.20060mlcs4.i586.rpm\n 7c0c27197d6b44115366eac339c424f2 corporate/4.0/i586/apache-modules-2.2.3-1.1.20060mlcs4.i586.rpm\n 56351aafc723fdea2f2fac22d5046944 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.i586.rpm\n ccbb2f27b762b5dd564dc7a00aac6db0 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.1.20060mlcs4.i586.rpm\n a65137ff29ed6a1da1f894d19997faec corporate/4.0/i586/apache-source-2.2.3-1.1.20060mlcs4.i586.rpm \n 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 7a9b4f5b3fcf2cac67e4c38022ee2441 corporate/4.0/x86_64/apache-base-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 5604ba341d957fbe6182bd2eb29a8e9d corporate/4.0/x86_64/apache-devel-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 8983bda4bbe3b58f9c6c317531eb52b7 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 9baf252cbc8ef8a093ed25e7a0daf25d corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 26cc58bcbfd25a83c15051c8f590a36d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 941a32aea1b1b3bca1ae343d5d925892 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 1d79a7b921ce150de88e22ffbaba4b31 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm\n d80b9ffca3dd024e73d069e55ba7fa3e corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 7a7a11645680a7bee9cf88b166b0d32f corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 
fcc85c0f9faf1fa08a01f3d4ecb68033 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 55789d16ff565bcd31dfa522435d4d4b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 7ee708824d65878b71ede35e139ac94d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n e8579835f848cade641da14354196497 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 6a1e70a638aecf603f3bc2485d14bd78 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 212f40574d0821b909972ebc36fb697a corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 32a8dd886e42c8093be05c9ee4d31855 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 265bccd86baa7fca942f1c6d4d694523 corporate/4.0/x86_64/apache-modules-2.2.3-1.1.20060mlcs4.x86_64.rpm\n babdb585a6c754f23d91c41fc844a5e2 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 63274f5c5dc3897d0062f621b1c63e0e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 18782a1fcbcb760d36162ce830ac4cdd corporate/4.0/x86_64/apache-source-2.2.3-1.1.20060mlcs4.x86_64.rpm \n 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS\nRe00IyLecNs4MIGgsrv2qJE=\n=5EEm\n-----END PGP SIGNATURE-----\n\n. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.2.6 *\u003e= 2.0.59-r5\n \u003e= 2.2.6\n\nDescription\n===========\n\nMultiple cross-site scripting vulnerabilities have been discovered in\nmod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error\nhas been discovered in the recall_headers() function in mod_mem_cache\n(CVE-2007-1862). The mod_cache module does not properly sanitize\nrequests before processing them (CVE-2007-1863). The Prefork module\ndoes not properly check PID values before sending signals\n(CVE-2007-3304). The mod_proxy module does not correctly check headers\nbefore processing them (CVE-2007-3847). \n\nImpact\n======\n\nA remote attacker could exploit one of these vulnerabilities to inject\narbitrary script or HTML content, obtain sensitive information or cause\na Denial of Service. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.0.59-r5\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n [ 2 ] CVE-2007-1862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862\n [ 3 ] CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n [ 4 ] CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n [ 5 ] CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n [ 6 ] CVE-2007-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200711-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. Summary\n\n Updated VMware Hosted products address security issues in libpng and\n the Apache HTTP Server. \n\n2. Relevant releases\n\n VMware Workstation 6.5.2 and earlier,\n VMware Player 2.5.2 and earlier,\n VMware ACE 2.5.2 and earlier\n\n3. Problem Description\n\n a. Third Party Library libpng Updated to 1.2.35\n\n Several flaws were discovered in the way third party library libpng\n handled uninitialized pointers. 
An attacker could create a PNG image\n file in such a way, that when loaded by an application linked to\n libpng, it could cause the application to crash or execute arbitrary\n code at the privilege level of the user that runs the application. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0040 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any 6.5.3 build 185404 or later\n\n Player 2.5.x any 2.5.3 build 185404 or later\n\n ACE 2.5.x any 2.5.3 build 185404 or later\n\n Server 2.x any patch pending\n Server 1.x any patch pending\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected *\n\n * The libpng update for the Service Console of ESX 2.5.5 is\n documented in VMSA-2009-0007. \n\n b. Apache HTTP Server updated to 2.0.63\n\n The new version of ACE updates the Apache HTTP Server on Windows\n hosts to version 2.0.63 which addresses multiple security issues\n that existed in the previous versions of this server. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,\n CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the\n issues that have been addressed by this update. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any not affected\n\n Player 2.5.x any not affected\n\n ACE 2.5.x Windows 2.5.3 build 185404 or later\n ACE 2.5.x Linux update Apache on host system *\n\n Server 2.x any not affected\n Server 1.x any not affected\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n * The Apache HTTP Server is not part of an ACE install on a Linux\n host. Update the Apache HTTP Server on the host system to version\n 2.0.63 in order to remediate the vulnerabilities listed above. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. 
\n\n VMware Workstation 6.5.3\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html\n\n For Windows\n\n Workstation for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 7565d16b7d7e0173b90c3b76ca4656bc\n sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1\n\n For Linux\n\n Workstation for Linux 32-bit\n Linux 32-bit .rpm\n md5sum: 4d55c491bd008ded0ea19f373d1d1fd4\n sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e\n\n Workstation for Linux 32-bit\n Linux 32-bit .bundle\n md5sum: d4a721c1918c0e8a87c6fa4bad49ad35\n sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5\n\n Workstation for Linux 64-bit\n Linux 64-bit .rpm\n md5sum: 72adfdb03de4959f044fcb983412ae7c\n sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb\n\n Workstation for Linux 64-bit\n Linux 64-bit .bundle\n md5sum: 83e1f0c94d6974286256c4d3b559e854\n sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542\n\n\n VMware Player 2.5.3\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n http://www.vmware.com/support/player25/doc/releasenotes_player253.html\n\n Player for Windows binary\n\nhttp://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe\n md5sum: fe28f193374c9457752ee16cd6cad4e7\n sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04\n\n Player for Linux (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm\n md5sum: c99cd65f19fdfc7651bcb7f328b73bc2\n sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e\n\n Player for Linux (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle\n md5sum: 210f4cb5615bd3b2171bc054b9b2bac5\n sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b\n\n Player for Linux - 64-bit (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm\n md5sum: f91576ef90b322d83225117ae9335968\n sha1sum: 
f492fa9cf26ee2818f164aac04cde1680c25d974\n\n Player for Linux - 64-bit (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle\n md5sum: 595d44d7945c129b1aeb679d2f001b05\n sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4\n\n\n VMware ACE 2.5.3\n ----------------\n http://www.vmware.com/download/ace/\n Release notes:\n http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html\n\n ACE Management Server Virtual Appliance\n AMS Virtual Appliance .zip\n md5sum: 44cc7b86353047f02cf6ea0653e38418\n sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1\n\n VMware ACE for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for Windows\n Windows .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for SUSE Enterprise Linux 9\n SLES 9 .rpm\n md5sum: a4fc92d7197f0d569361cdf4b8cca642\n sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75\n\n ACE Management Server for Red Hat Enterprise Linux 4\n RHEL 4 .rpm\n md5sum: 841005151338c8b954f08d035815fd58\n sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e\n\n\n5. Change log\n\n2009-08-20 VMSA-2009-0010\nInitial security advisory after release of Workstation 6.5.3,\nPlayer 2.5.3, and ACE 2.5.3 on 2009-08-20. \n\n\n- ------------------------------------------------------------------------\n7. 
Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. 
\n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Web Server Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA27421\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27421/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nuCosminexus Application Server\nhttp://secunia.com/product/13819/\nHitachi Web Server 3.x\nhttp://secunia.com/product/13335/\nHitachi Web Server 2.x\nhttp://secunia.com/product/13334/\nHitachi Web Server 1.x\nhttp://secunia.com/product/13333/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in the Hitachi Web Server,\nwhich can be exploited by malicious people to bypass certain security\nrestrictions or conduct cross-site scripting attacks. \n\n1) An error exists within the handling of SSL requests. This can be\nexploited to trick a vulnerable server into accepting a forged\nsignature. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html\nhttp://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01178795\nVersion: 1\n\nHPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-02\nLast Updated: 2007-10-02\n\nPotential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nReferences: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache\n\nBACKGROUND\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended patch or update is installed. 
\n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision A.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \n\naction: install revision B.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \nHP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \n\nMANUAL ACTIONS: Yes - Update \nInstall HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 02 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. 
\n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. 
HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\u00a9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ\nHHoe3AY1sc6hrW3Xk+B1hcbr\n=+E1W\n-----END PGP SIGNATURE-----\n. =========================================================== \nUbuntu Security Notice USN-499-1 August 16, 2007\napache2 vulnerabilities\nCVE-2006-5752, CVE-2007-1863, CVE-2007-3304\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.2\n apache2-mpm-prefork 2.0.55-4ubuntu2.2\n apache2-mpm-worker 2.0.55-4ubuntu2.2\n\nUbuntu 6.10:\n apache2-common 2.0.55-4ubuntu4.1\n apache2-mpm-prefork 2.0.55-4ubuntu4.1\n apache2-mpm-worker 2.0.55-4ubuntu4.1\n\nUbuntu 7.04:\n apache2-mpm-prefork 2.2.3-3.2ubuntu0.1\n apache2-mpm-worker 2.2.3-3.2ubuntu0.1\n apache2.2-common 2.2.3-3.2ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nStefan Esser discovered that mod_status did not force a character set,\nwhich could result in browsers becoming vulnerable to XSS attacks when\nprocessing the output. If a user were tricked into viewing server\nstatus output during a crafted server request, a remote attacker could\nexploit this to modify the contents, or steal confidential data (such as\npasswords), within the same domain. By default, mod_status is disabled\nin Ubuntu. (CVE-2006-5752)\n\nNiklas Edmundsson discovered that the mod_cache module could be made to\ncrash using a specially crafted request. A remote user could use this\nto cause a denial of service if Apache was configured to use a threaded\nworker. By default, mod_cache is disabled in Ubuntu. 
(CVE-2007-1863)\n\nA flaw was discovered in the signal handling of Apache. A local\nattacker could trick Apache into sending SIGUSR1 to other processes. \nThe vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz\n Size/MD5: 115882 e94e45574e3b131d3a9a0e07e193f1e5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc\n Size/MD5: 1148 c2bc143625fbf8ca59fea300845c5a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb\n Size/MD5: 2124364 9b8ca5d5757c63f5ee6bbd507f0a8357\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 833000 be4c7770c725f5f4401ca06d1347211f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 227832 41c12dfe84f109e6544a33e4e1d791a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 222934 7e4d072bad27239e366a6eda94c09190\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 227576 8fc59f78a3fa0e5d6dac81e875039bda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 171082 4318f93373b705563251f377ed398614\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 171860 257f4183d70be5a00546c39c5a18f108\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 93916 
695cee55f91ceb9424abe31d8b6ee1dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 35902 00c1082a77ff1d863f72874c4472a26d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 285336 0a8510634b21f56f0d9619aa6fc9cec9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 143952 d75f83ac219bce95a15a8f44b82b8ea7\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 786186 4e78fa0d438867194f66b11b4eb6fc2e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 202448 74cf60884e18c1fc93f157010a15b12c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 198456 209a0b92995fec453ed4c2c181e3e555\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 202038 6cbd437caf993fa2b2b38369cd3d5863\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 171074 0a5a26aa58af7aa2d51d1cf5d7c543d6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 171848 af9ca78febc5bc0c7936296dab958349\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 91884 2857d60b507b28c736f83815c9f3d1b8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 35906 202b5b233af0d26e29ca7302cf7fd04c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 261418 c90342706ac26682d15032a5ba5cb51a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 131850 
951a4573901bc2f10d5febf940d57516\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 859126 afdd8642ca447fc9dc70dfed92be0fa6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 219898 6d9c9f924d2356bf9d3438a280870a7d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 215602 dd554132cdea0f860e01cf5d4e0dbc7c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 219378 7a1f4b325dacef287c901fa66680c04e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 171096 a0e2547d38ef1b84dc419d69e42ffa0b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 171864 200ab662b2c13786658486df37fda881\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 103628 ae36642fbd4698bb362fa4bf9417b0e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 35910 358027282f2f19451d3aa784dc0474dc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 280950 0d9b56ec076da25e2a03f6d3c6445057\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 141074 f5d3d5e0e5911e0c0156ae55af50f87b\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 803440 d66da6a91c08956c3c5062668349ef41\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 209970 57f0a8f823a4502ee9a2608e3181cc81\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 205582 1dcfb0df796e85c409f614544ea589fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 209330 6bf7ae824eea35d3487febef384fce91\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 171080 1088337f4abcb6c8f65751b6120c2307\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 171868 5cda04cd73a9c6d8dfc18abd55c09ebd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 92972 850ab3bb0904e8fe9b6255c42ba7f84c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 35904 7af260b95c4faa17ef34810fed888caf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 267550 08182a8a2cab00fc0e6bca2cccf5165f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 129760 a60606c6d2f12209b0bdae997be4a13f\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz\n Size/MD5: 116265 2732761b18dfb3c2cd1aa0b54c2cf623\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc\n Size/MD5: 1148 4b9c4612469c521db0c5fdbe2f6b9b25\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb\n Size/MD5: 2124550 8d5c30342b35f9fd595fb09d7659b6fc\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 836342 2c4ba483b0b20fdc2d43819109177941\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 227390 e61cc1998f5b8f2c44dce587e59d288a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 222376 6bdbff7f7f80fd464d1e3ec52d6e7171\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 226848 4356b4caf2b40f364c8893c41b9f9355\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 171304 c4395af051e876228541ef5b8037d979\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 172074 99dadc4ad0f0947f9368d89f4589d95a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 94204 30f3bb8c72575fe93940ecc730b8e4b6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 36152 ea3cbefcbee7e2f6e5555edb44733ad9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 286544 d555931490d44d93bec31c4bfc19ed12\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 145014 3e06ceb0a55598d82f9f781c44e210b3\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 806938 050bb7665332d3761e1a8e47939fa507\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 209556 ee530b24aba8838001ebb6c901bc90cd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 205718 
b52a17c63909eae3c49bad0ab1958f4b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 209158 1844fa5e09224a90944f8b886ddb5a2a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 171296 9de8aba41f7e3d60f41536ca712adebb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 172078 01ccd554177364747b08e2933f121d2c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 93240 4573597317416869646eb2ea42cd0945\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 36150 77666d65bade6a91bd58826c79f11dc9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 266390 a3963d8e76f6865404f7fadb47880c87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 137604 387f6bcdaa58dbbe53082241b3231844\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 865372 27d7f1de1fcb2114d3f3b0a774302488\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 221542 1ae8fa5cf4b77f3b2aa054e2886e587e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 217044 9134983c40107f79fcac8d1eacbc7117\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 221324 b435dc09c63ecbcd564a0923a8f07350\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 171296 6d2a0abfb7a1daaeae56559eeb322dcb\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 172064 ecc2037409554ea43c5a6848aa510c76\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 104654 d0957d8df044c4a34437241792ed97d1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 36148 34e102e1d2e1c6a6f31801dfb98cb82a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 284548 c8f325ccc42cbe77191d4ddd9abc2a4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 144238 82cfbfcec5fc4931078145af8947c035\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 811594 d8548e537fd81994bbb638e105dfbf8b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 212160 81cd0197ff89b79c967c1074ede9f8d7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 207870 5d80ed8dc39b0d4d59fccb747624a684\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 211578 9407383d85db831dab728b39cce9acc8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 171294 5e4d695a99bdc1fdfb0bfcef8b91d03d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 172064 06e3e765d799e281dba7329ff9d9e138\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 93796 1048b47b289fb2047fa9ac7ebbe94a57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 36150 
0d106a177aa4271b1cfc0e96eec1a748\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 268444 3912123e7c71cc638132305ca89fe23b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 130626 f4444e0239c2da7d3c31e3486606f95a\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz\n Size/MD5: 112120 f7b1a17718aed7ca73da3a6d7aad06b0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc\n Size/MD5: 1128 e82b1bee591fff50d6673ed1a443e543\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 2199184 c03756f87cb164213428532f70e0c198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 272064 5be351f491f8d1aae9a270d1214e93e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 6674104 bdbabf8f478562f0e003737e977ffc7b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 38668 9f0c7c01e8441285c084002eb4619065\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 449624 1b54a8000c40eaaa0f9e31527b9bb180\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 445346 d15625641a3247fbf5d9d9b9aed34968\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 449208 55f39c28a4de98d53f80231aeb7d6c59\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 403570 0042c75be8a2d128d62b79398deaefa8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 404138 929772b95ea67f338ad423a65b2b7011\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 341312 906819b0de863209575aa65d39a594a5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 971462 f85e32c5f6437ce149553aee97ffd934\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 428856 f506f2a9dd2dbd5c2d3f72a476cc3537\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 432314 a5a11947ad8cf14604efa7ddcfd20bfe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 403574 da84a3a99276f14a11ac892ce7eee170\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 404138 0fdd43a53e6957aa3a348a7bd9c876f5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 340396 88a0ddbc58335416d91c9f10adc9d5f5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 929716 138d58487b882e6002e3c5e4a9489add\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 451530 ddc437092ef642fcd396713cd1972f4c\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 446960 af1b667708e062f81bca4e995355394d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 450940 ed9f31ec5045a88446115987c6e97655\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 403574 65801ab51335a15dc370b9341a0e50dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 404146 fd35e65fadd836feb0190b209947b466\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 360518 b74bc9eead429cd8f0ebecd6a94e5edb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 1073812 376fe5b1ee383a6d870eea5dd3c6a704\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 434408 c70ef2e9aed191fe53886ceb3725596e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 430574 7b690896da23a151ee5e106d596c1143\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 433918 cc01edfcfc673ba9a86c83fcc66e6870\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 403568 a7660cff70394403c764cf8f30c7298a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 404136 b8587d5eba0be59a6576d6cf645b2122\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 343370 1572a001a612add57d23350210ac1736\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 938586 b74a91fcfbb0503355e94981310bd1ce\n\n", "sources": [ { "db": "NVD", "id": "CVE-2006-5752" }, { "db": "JVNDB", "id": "JVNDB-2007-000478" }, { "db": "JVNDB", "id": "JVNDB-2007-000773" }, { "db": "BID", "id": "24645" }, { "db": "VULMON", "id": "CVE-2006-5752" }, { "db": "PACKETSTORM", "id": "57506" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "60585" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "58667" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2006-5752", "trust": 3.6 }, { "db": "BID", "id": "24645", "trust": 2.2 }, { "db": "SECUNIA", "id": "26458", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2007-2727", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2007-3283", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2007-3386", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2007-4305", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2008-0233", "trust": 1.1 }, { "db": "SECUNIA", "id": "27732", "trust": 1.1 }, { "db": "SECUNIA", "id": "25920", "trust": 1.1 }, { "db": "SECUNIA", "id": "26993", "trust": 1.1 }, { "db": "SECUNIA", "id": "28212", "trust": 1.1 }, { "db": "SECUNIA", "id": "28606", "trust": 1.1 }, { "db": "SECUNIA", "id": "28224", "trust": 1.1 }, { "db": "SECUNIA", "id": "26842", "trust": 1.1 }, { "db": "SECUNIA", "id": "27563", "trust": 1.1 }, { "db": "SECUNIA", "id": "27037", "trust": 1.1 }, { "db": "SECUNIA", "id": "25873", "trust": 1.1 }, { "db": "SECUNIA", "id": "26508", "trust": 1.1 }, { "db": "SECUNIA", "id": "26822", "trust": 1.1 }, { "db": "SECUNIA", "id": "26273", "trust": 1.1 }, { 
"db": "SECUNIA", "id": "26443", "trust": 1.1 }, { "db": "SECUNIA", "id": "25827", "trust": 1.1 }, { "db": "SECUNIA", "id": "25830", "trust": 1.1 }, { "db": "OSVDB", "id": "37052", "trust": 1.1 }, { "db": "SECTRACK", "id": "1018302", "trust": 1.1 }, { "db": "SECUNIA", "id": "27421", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2007-000478", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-000773", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2006-5752", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "57506", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "57505", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "60759", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80533", "trust": 0.1 }, { "db": "HITACHI", "id": "HS07-035", "trust": 0.1 }, { "db": "HITACHI", "id": "HS07-034", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "60585", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59939", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "58667", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2006-5752" }, { "db": "BID", "id": "24645" }, { "db": "JVNDB", "id": "JVNDB-2007-000478" }, { "db": "JVNDB", "id": "JVNDB-2007-000773" }, { "db": "PACKETSTORM", "id": "57506" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "60585" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "58667" }, { "db": "NVD", "id": "CVE-2006-5752" } ] }, "id": "VAR-200706-0666", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-28T20:05:25.831000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "httpd (V4.0)", "trust": 1.6, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1073" }, { "title": "Fixed in Apache httpd 1.3.39-dev", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_13.html#1.3.39-dev" }, { "title": "Fixed in Apache httpd 2.0.61-dev", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.61-dev" }, { "title": "Fixed in Apache httpd 2.2.6-dev", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.6-dev" }, { "title": "Revision 549159", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=549159" }, { "title": "HS07-035", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS07-035/index.html" }, { "title": "HPSBUX02262", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01178795" }, { "title": "HPSBUX02262", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02262.html" }, { "title": "PK55141", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55141" }, { "title": "4017303", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017303" }, { "title": "Fix Pack 13 (6.1.0.13)", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951#61013" }, { "title": "PK49295", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK49295" }, { "title": "4017141", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017141" }, { "title": "httpd (V2.x)", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1078" }, { "title": "Oracle Critical Patch Update Advisory - July 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "title": "Text Form of 
Oracle Critical Patch Update - July 2013 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html" }, { "title": "245112", "trust": 0.8, "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112" }, { "title": "RHSA-2007:0534", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0534.html" }, { "title": "RHSA-2007:0532", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0532.html" }, { "title": "RHSA-2007:0556", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0556.html" }, { "title": "RHSA-2007:0533", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0533.html" }, { "title": "July 2013 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2013_critical_patch_update" }, { "title": "103179", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1" }, { "title": "TLSA-2007-41", "trust": 0.8, "url": "http://www.turbolinux.com/security/2007/TLSA-2007-41.txt" }, { "title": "HS07-035", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS07-035/index.html" }, { "title": "RHSA-2007:0532", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0532J.html" }, { "title": "RHSA-2007:0556", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0556J.html" }, { "title": "RHSA-2007:0533", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0533J.html" }, { "title": "RHSA-2007:0534", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0534J.html" }, { "title": "TLSA-2007-41", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2007/TLSA-2007-41j.txt" }, { "title": "interstage_as_200802", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200802.html" }, { "title": "HS07-035", "trust": 0.8, "url": 
"http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-499-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2006-5752 " }, { "title": "", "trust": 0.1, "url": "https://github.com/kasem545/vulnsearch " }, { "title": "", "trust": 0.1, "url": "https://github.com/SecureAxom/strike " } ], "sources": [ { "db": "VULMON", "id": "CVE-2006-5752" }, { "db": "JVNDB", "id": "JVNDB-2007-000478" }, { "db": "JVNDB", "id": "JVNDB-2007-000773" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-79", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000773" }, { "db": "NVD", "id": "CVE-2006-5752" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.securityfocus.com/bid/24645" }, { "trust": 2.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752" }, { "trust": 1.6, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5752" }, { "trust": 1.4, "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2007-0534.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2007-0556.html" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 1.4, "url": 
"http://support.avaya.com/elmodocs2/security/asa-2007-353.htm" }, { "trust": 1.4, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk52702" }, { "trust": 1.4, "url": "https://rhn.redhat.com/errata/rhsa-2007-0533.html" }, { "trust": 1.4, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1" }, { "trust": 1.4, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "trust": 1.1, "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=549159" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2007-0532.html" }, { "trust": 1.1, "url": "https://issues.rpath.com/browse/rpl-1500" }, { "trust": 1.1, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 1.1, "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "trust": 1.1, "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pk49295\u0026apar=only" }, { "trust": 1.1, "url": "http://www.redhat.com/archives/fedora-package-announce/2007-september/msg00320.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:140" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:141" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:142" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2007-0557.html" }, { "trust": 1.1, "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "trust": 1.1, "url": "http://www.trustix.org/errata/2007/0026/" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-499-1" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1018302" }, { "trust": 1.1, "url": "http://secunia.com/advisories/25827" }, { "trust": 1.1, "url": "http://secunia.com/advisories/25830" }, { "trust": 1.1, "url": "http://secunia.com/advisories/25873" }, { "trust": 
1.1, "url": "http://secunia.com/advisories/25920" }, { "trust": 1.1, "url": "http://secunia.com/advisories/26273" }, { "trust": 1.1, "url": "http://secunia.com/advisories/26443" }, { "trust": 1.1, "url": "http://secunia.com/advisories/26458" }, { "trust": 1.1, "url": "http://secunia.com/advisories/26508" }, { "trust": 1.1, "url": "http://secunia.com/advisories/26822" }, { "trust": 1.1, "url": "http://secunia.com/advisories/26842" }, { "trust": 1.1, "url": "http://secunia.com/advisories/26993" }, { "trust": 1.1, "url": "http://secunia.com/advisories/27037" }, { "trust": 1.1, "url": "http://secunia.com/advisories/27563" }, { "trust": 1.1, "url": "http://secunia.com/advisories/27732" }, { "trust": 1.1, "url": "http://secunia.com/advisories/28212" }, { "trust": 1.1, "url": "http://secunia.com/advisories/28224" }, { "trust": 1.1, "url": "http://secunia.com/advisories/28606" }, { "trust": 1.1, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html" }, { "trust": 1.1, "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2008/0233" }, { "trust": 1.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01178795" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/4305" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/2727" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/3283" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "trust": 1.1, "url": "http://osvdb.org/37052" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35097" }, { "trust": 1.1, "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10154" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.8, "url": "http://secunia.com/advisories/26458/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5809" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2007/3666" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5809" }, { "trust": 0.8, "url": "http://secunia.com/advisories/27421" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": 
"http://support.avaya.com/elmodocs2/security/asa-2008-012.htm" }, { "trust": 0.3, "url": "http://www.apache.org/dist/httpd/changes_2.2.6" }, { "trust": 0.3, "url": "/archive/1/481830" }, { "trust": 0.3, "url": "/archive/1/479708" }, { "trust": 0.3, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk49295" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2007-0532.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0263.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0523.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2006-5752" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/499-1/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1862" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://enigmail.mozdev.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1862" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/player25/doc/releasenotes_player253.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ace/" }, { "trust": 0.1, "url": "http://www.vmware.com/download/player/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ws/" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2009-0040" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.exe" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.bundle" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.bundle" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0040" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/13335/" }, { "trust": 0.1, "url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-034_e/index-e.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/27421/" }, { "trust": 0.1, "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/13333/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/13819/" }, { "trust": 0.1, "url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-035_e/index-e.html" }, { "trust": 0.1, "url": 
"http://secunia.com/product/13334/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1358" }, { "trust": 0.1, "url": "https://www.hp.com/go/softwaredepot/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1355" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0774" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3386" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2450" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3382" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2756" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3385" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2090" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2449" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 
0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, 
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb" } ], "sources": [ { "db": "VULMON", "id": "CVE-2006-5752" }, { "db": "BID", "id": "24645" }, { "db": "JVNDB", "id": "JVNDB-2007-000478" }, { "db": "JVNDB", "id": "JVNDB-2007-000773" }, { "db": "PACKETSTORM", "id": "57506" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "60585" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "58667" }, { "db": "NVD", "id": "CVE-2006-5752" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2006-5752" }, { "db": "BID", "id": "24645" }, { "db": "JVNDB", "id": "JVNDB-2007-000478" 
}, { "db": "JVNDB", "id": "JVNDB-2007-000773" }, { "db": "PACKETSTORM", "id": "57506" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "60585" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "58667" }, { "db": "NVD", "id": "CVE-2006-5752" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-06-27T00:00:00", "db": "VULMON", "id": "CVE-2006-5752" }, { "date": "2007-06-26T00:00:00", "db": "BID", "id": "24645" }, { "date": "2007-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000478" }, { "date": "2008-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000773" }, { "date": "2007-07-07T04:30:58", "db": "PACKETSTORM", "id": "57506" }, { "date": "2007-07-07T04:29:41", "db": "PACKETSTORM", "id": "57505" }, { "date": "2007-11-07T20:27:55", "db": "PACKETSTORM", "id": "60759" }, { "date": "2009-08-23T16:31:17", "db": "PACKETSTORM", "id": "80533" }, { "date": "2007-11-01T02:12:35", "db": "PACKETSTORM", "id": "60585" }, { "date": "2007-10-10T05:27:27", "db": "PACKETSTORM", "id": "59939" }, { "date": "2007-08-17T06:30:14", "db": "PACKETSTORM", "id": "58667" }, { "date": "2007-06-27T17:30:00", "db": "NVD", "id": "CVE-2006-5752" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-21T00:00:00", "db": "VULMON", "id": "CVE-2006-5752" }, { "date": "2010-08-05T21:15:00", "db": "BID", "id": "24645" }, { "date": "2014-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000478" }, { "date": "2014-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000773" }, { "date": "2024-11-21T00:20:24.483000", "db": "NVD", "id": "CVE-2006-5752" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "24645" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of mod_status Module cross-site scripting vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000478" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "24645" } ], "trust": 0.3 } }
var-201102-0280
Vulnerability from variot
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: "Other IBM software products that contain an affected version of WAS require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability." A remote attacker may cause a denial-of-service (DoS). The Java Runtime Environment component of multiple Oracle products contains vulnerabilities that affect availability due to flaws in the handling of the Java language and APIs. A third party may carry out a denial-of-service (DoS) attack. A wide range of products are affected. Oracle Java is prone to a remote denial-of-service vulnerability. Successful attacks will cause applications written in Java to hang, creating a denial-of-service condition. HP OpenVMS running J2SE 1.42 on Alpha platforms: v 1.42-9 and earlier. HP OpenVMS running J2SE 1.42 on I64 platforms: v 1.42-6 and earlier. HP OpenVMS running J2SE 5.0 on Alpha platforms: v 1.50-7 and earlier. HP OpenVMS running J2SE 5.0 on I64 platforms: v 1.50-6 and earlier. HP OpenVMS running Java SE 6 on Alpha and I64 platforms: v 6.0-2 and earlier. The updates are available from: http://www.hp.com/go/java
These issues are addressed in the following versions of the HP Java:
HP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2011:054 http://www.mandriva.com/security/
Package : java-1.6.0-openjdk Date : March 27, 2011 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
Problem Description:
Multiple vulnerabilities have been identified and fixed in java-1.6.0-openjdk:
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader (CVE-2010-4351). NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves DNS cache poisoning by untrusted applets. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable (CVE-2010-4450). NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or clipboard access in Applets. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and backward jsrs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to Features set on SchemaFactory not inherited by Validator. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text (CVE-2010-4471). NOTE: the previous information was obtained from the February 2011 CPU. 
Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the XML DSig Transform or C14N algorithm implementations.
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are partially signed or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source (CVE-2011-0025).
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of an inappropriate security descriptor. (CVE-2011-0706)
Additionally, the java-1.5.0-gcj packages were not rebuilt with the shipped version of GCC for 2009.0 and Enterprise Server 5, which caused problems while building the java-1.6.0-openjdk updates; therefore, rebuilt java-1.5.0-gcj packages are being provided with this advisory as well.
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0706
Updated Packages:
Mandriva Linux 2009.0: cfea90f1f20d28bf5a2f628e0a910eaa 2009.0/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm d3188bf2f1da126b4d04e920e331d831 2009.0/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm 1b4994018478f335d49531d9d5e60642 2009.0/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm 078af1b826c27ea3c7befc88ace7ebd5 2009.0/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm d1c6cba2035f8eada4e351310ebf7be2 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 8b53c26f88092819346654a339b44622 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.i586.rpm fc8af257ef8db0d37f3bfff954740c0b 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 6cd5f5cdb27e4c8936292aef0aa5010c 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 03fdab84535710ac263c08b3870cb062 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 0232ce60d1d6e1072e50a13f2b416fcc 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.i586.rpm fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 5728fe31661213beab52fe97f9af91ad 2009.0/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm bd5a2a20d168ddcebe29bb109fea38c2 2009.0/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm a37818a53a8dbfa85d82bcf3bf83e08f 2009.0/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm ed9d1baa365606c512783863da3e0bd8 2009.0/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm b5e70c75ecc67f8f1f7f22ca55059a8b 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm 071df613e884a9faf3525661280b19d6 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm 81b79e0a8ae29c5bcff3fa6872ad52e9 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm b5818cbad798514f02ee26c346d1e077 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm d80e3970d9279df1f9dddd46bcb01380 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm d72298b296819ab6791e28449d3cf475 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm
Mandriva Linux 2010.0: bbe3a5e4538edd269e8e8c846d02ec50 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.i586.rpm 825fa39b02a627993df166acad99e002 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.i586.rpm b30390e1d4457964f60630c95b36e768 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.i586.rpm f6123d9a0852fabdf596850979b58e4d 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.i586.rpm f2ec2f80944f1f401154d2fb2c2ad64d 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.i586.rpm 68ed360de6ee490d80906fd561459faa 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.i586.rpm f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 11e65a4c18288572327dd4c4f8841f94 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm 58bdac45685c3146adb44cb2c006811f 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm e9dfc0bd42192c92b2a788809226ff27 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm afcef69bfa7804c70df2684b2ed19634 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm 64ea6c5ab1b71b8a0f163aa1f7581c69 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm beb768b3e0714331050baf31a8e88bc9 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm
Mandriva Linux 2010.1: c2736e4b08921bb5de8dbad3e13bb988 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.i586.rpm 884207fa52ea3e168710dfb3988229d5 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.i586.rpm a0d0a86bbc5dcc9d2eff2dc2e14ae083 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.i586.rpm dc1dd774b5eb1efb1a785b0ff4bc8f94 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.i586.rpm 41cffbd28ed3d467e465328d8369116a 2010.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.i586.rpm ae4064b170d4e2fcd0b4949cd53af79e 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.i586.rpm f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 556d72a8cf60df24274bb49938a2791c 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm e7e183d456383ad562cdb9da84e0f899 2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm 035fccb2950b8a87cd4b597c866d5831 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm a76c326c10b87a62be32100d0eddd75f 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm 09ad2b77e3c48b3e16010c8c93fa8f9b 2010.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm 042beb49ddd872902a8faea3e425b792 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm
Mandriva Enterprise Server 5: 2bf537286d1406c491061e07a73c96ec mes5/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm fb125806cc547d2c69cf13ae67c835d5 mes5/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm 657a9fb9b644be8f8a49442a8210d56a mes5/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm fff64cbf465a2a701c248ad5cc4c89c6 mes5/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm 8ba9fe5adad781d341ba764b661c8c92 mes5/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 75de95d6064fe9d552795deb0768dfca mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 9f5ccbfff9afb405baadfc67f8173617 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 70de70d7adaccff5397814d31bd51a96 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 94b138e8a423f2f8c2ad137577bb4d42 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm fd7dc4b050b6e07ea7686a72c2704ccd mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 11c7cdc078dcd9cf30e818f4fb4c4e1f mes5/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm 6c6185f429a1672255e30cf00c2af065 mes5/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm f194361aa7a5cfeec17745f0ee158962 mes5/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm 7d2679d156a618d7ba847ba2ebcede4b mes5/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm 8ae3d0065764f69d1546a61b895a4244 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 8ef4ab6f5f8f421c1b36dfae807350a5 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm d504a7493fc86d5750c849f738bb6167 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 3c044a087cc5225fd9ad138dcea5fa7d mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm b89fa5785567340525aa5b57c8b9440c mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 3dc504dbf7161b1026bf41298118a819 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
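All packages are signed by Mandriva for security. Because the command below identifies the key only by its short key ID, which is not collision-resistant, compare the full fingerprint of the retrieved key against a trusted source before relying on it. You can obtain the GPG public key of the Mandriva Security Team by executing: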
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFNj4A1mqjQ0CJFipgRAqd9AKDH+zN9xFfcPlQmGWMRSOqb+xjI4QCfbvvt DHgr6vgcxh6XXAElZkDBIws= =7L47 -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial: http://secunia.com/products/corporate/vim/
TITLE: Apache Tomcat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43198
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43198
RELEASE DATE: 2011-02-07
DISCUSS ADVISORY: http://secunia.com/advisories/43198/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43198/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43198
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
1) An error due to the "ServletContext" attribute improperly being restricted to read-only when running under a SecurityManager can be exploited by a malicious web application to use an arbitrary working directory with read-write privileges.
2) Certain input (e.g. display names) is not properly sanitised in the HTML Manager interface before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) An error within the JVM when accessing a page that calls "javax.servlet.ServletRequest.getLocale()" or "javax.servlet.ServletRequest.getLocales()" functions can be exploited to cause the process to hang via a web request containing specially crafted headers (e.g. "Accept-Language").
This vulnerability is reported in versions prior to 5.5.33.
PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Konstantin Preißer
ORIGINAL ADVISORY: Apache Tomcat: http://tomcat.apache.org/security-5.html http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html
Konstantin Preißer: http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
For the old stable distribution (lenny), this problem has been fixed in version 6b18-1.8.3-2~lenny1.
Note that this update introduces an OpenJDK package based on the IcedTea release 1.8.3 into the old stable distribution. This addresses several dozen security vulnerabilities, most of which are only exploitable by malicious mobile code. A notable exception is CVE-2009-3555, the TLS renegotiation vulnerability. This update implements the protocol extension described in RFC 5746, addressing this issue.
This update also includes a new version of Hotspot, the Java virtual machine, which increases the default heap size on machines with several GB of RAM. If you run several JVMs on the same machine, you might have to reduce the heap size by specifying a suitable -Xmx argument in the invocation of the "java" command. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02729756 Version: 1
HPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-02-23 Last Updated: 2011-02-23
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential vulnerability has been identified with HP-UX running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS).
References: CVE-2010-4476
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Any version of Java running on HP-UX 11.11, HP-UX 11.23, or HP-UX 11.31.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software tool available to resolve the vulnerability. This tool can be used to update all versions of HP-UX Java.
To download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool
An HP Passport user ID is required to download the FPUpdater tool and its Readme file. For information on registering for an HP Passport user ID, refer to: https://passport2.hp.com
MANUAL ACTIONS: Yes - Update
Update using FPUpdater
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== action: update using FPUpdater if Java is installed
END AFFECTED VERSIONS
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Version:1 (rev.1) - 23 February 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1sQl4ACgkQ4B86/C0qfVkZoACg+A0Nrllhsgj+ZNVRWBJtSGg0 +McAoLe5aV6VZ16dYIp6IG59vPG8unq8 =sL4p -----END PGP SIGNATURE----- . Customers should open a support case to request the following hotfixes.
NNMi Version / Operating System Required Patch Hotfix
9.1x HP-UX Patch 4 Hotfix-NNMi-9.1xP4-HP-UX-JDK-20120710.zip
9.1x Linux Patch 4 Hotfix-NNMi-9.1xP4-Linux-JDK-20120523.zip
9.1x Solaris Patch 4 Hotfix-NNMi-9.1xP4-Solaris-JDK-20120523.zip
9.1x Windows Patch 4 Hotfix-NNMi-9.1xP4-Windows-JDK-20120523.zip
Note: The hotfix must be installed after the required patch. The hotfix must be reinstalled if the required patch is reinstalled.
MANUAL ACTIONS: Yes - Update
Install the applicable patch and hotfix. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-1079-3 March 17, 2011 openjdk-6b18 vulnerabilities CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 10.10: icedtea6-plugin 6b18-1.8.7-0ubuntu2.1 openjdk-6-jre 6b18-1.8.7-0ubuntu2.1 openjdk-6-jre-headless 6b18-1.8.7-0ubuntu2.1
After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes.
Details follow:
USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10.
Original advisory details:
It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)
It was discovered that the Java launcher did not properly set up the LD_LIBRARY_PATH environment variable. (CVE-2010-4450)
It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465)
It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469)
It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470)
It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471)
It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472)
Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2011-0706)
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.diff.gz
Size/MD5: 149561 b35ae7a82db49282379d36e7ece58484
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.dsc
Size/MD5: 3015 04cb459aeaab6c228e722caf07a44de9
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz
Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 377802 d4439da20492eafbccb33e2fe979e8c9
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 78338 7bdf93e00fd81dc82fd0d9a8b4e905c7
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 85497146 1512e0d6563dd5120729cf5b993c618c
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 1545620 544c54891d44bdac534c81318a7f2bcb
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 9140042 0a2d6ed937081800baeb6fc55326a754
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 30092886 4cc5ad7c54638278e55ee7d2acaab413
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 266102 4278c2c06387cf883325356efda3c4d4
http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 1959296 6becfb4d5a2ecbe7aee622b84df57f12
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0280", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "hp systems insight manager", "scope": "eq", "trust": 3.2, "vendor": "hewlett packard l p", "version": "prior to v7.0" }, { "model": "cosminexus application server enterprise 06-50-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application 
server enterprise 06-00-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/c", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/c", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "cosminexus application server standard 06-50-/c", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "ucosminexus application server standard 06-70-/a", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server 
enterprise 06-70-/f", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/b", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server standard 06-00-/b", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "cosminexus application server enterprise 06-50-/c", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/a", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/f", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-70-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/g", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server enterprise 06-00-/c", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "jre 011", "scope": "eq", "trust": 1.5, "vendor": "sun", "version": "1.2.2" }, { "model": 
"cosminexus application server standard 06-00-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus application server standard 06-70-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus application server enterprise 06-70-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/c", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "jre 010", "scope": "eq", "trust": 1.5, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server enterprise 06-70-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, 
"vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus application server 05-05-/i", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "ucosminexus client", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "cosminexus application server 05-05-/d", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "jre 013", "scope": "eq", "trust": 1.2, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server 05-05-/h", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-60" }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "25008-10-01" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus application server enterprise 06-70-/g", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "cosminexus application server 05-05-/f", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/d", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server 05-05-/a", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": 
"cosminexus application server 05-05-/e", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-60" }, { "model": "cosminexus application server 05-05-/g", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "jre 014", "scope": "eq", "trust": 1.2, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "jre", "scope": "eq", "trust": 1.2, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server 05-05-/b", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/c", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/d", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" 
}, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": 
"sun", "version": "1.4.2_9" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "sdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": 
"sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_02" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 22", "scope": null, "trust": 0.9, "vendor": 
"sun", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "08-00-02" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-00" }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus application server enterprise 06-71-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 015", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.2" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "cosminexus application server standard 06-02-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 
1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus application server standard 06-51-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.1" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 27", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "cosminexus application server enterprise 06-02-/d", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 007", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.6" }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2" }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 01a", "scope": 
"eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-60" }, { "model": "jre .0 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "01-05" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", 
"version": "1.4.2" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre .0 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.3.1 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk b 005", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.7" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "processing kit for xml 02-05-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise 06-50-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus application server enterprise 06-51-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": 
null }, { "model": "ucosminexus application server enterprise 06-71-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.3.1 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "08-10-01" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "processing kit for xml 02-05-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-10" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.3.1 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk 11", 
"scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre .0 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk .0 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1" }, { "model": "cosminexus application server standard 06-02-/d", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { 
"model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus application server standard 06-02-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-10" }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "05-00" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "25008-00-02" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "sdk .0 4", "scope": 
"eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-02-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk .0 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "02-00" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-50-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.1" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", 
"trust": 0.9, "vendor": "hitachi", "version": "08-00-01" }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre .0 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "cosminexus application server 05-05-/m", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "-04-01" }, { "model": "jdk 008", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "jdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", 
"version": "1.7" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-01" }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": 
"sun", "version": "1.4" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus application server standard 06-51-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, 
"trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.6" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-01" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-51-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 007", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.2" }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 009", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "forms", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.0, 3.5" }, { "model": "lotus expeditor", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.2" }, { "model": "lotus quickr", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for websphere portal 8.5, 8.1, 8.0" }, { "model": "mashup center", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0, 2.0, 1.1, 1.0" }, { "model": "websphere dashboard framework", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1, 6.0" }, { "model": "lotus activeinsight", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1, 6.0" }, { "model": "lotus connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0, 2.5, 2.0, 1.0" }, { "model": "lotus mashups", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0, 2.0, 1.1, 1.0" }, { "model": "lotus sametime advanced", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, 
{ "model": "lotus sametime standard", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.5" }, { "model": "lotus sametime unified telephony", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.5.1, 8.0" }, { "model": "lotus web content management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0, 6.1" }, { "model": "lotus workforce management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1" }, { "model": "websphere portlet factory", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0, 6.1" }, { "model": "workplace web content management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "to v6.0 to v6.0.2.43" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "to v6.1 to v6.1.0.35" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "to v7.0 to v7.0.0.13" }, { "model": "db2", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for linux, unix, and windows version 9.1 fp0 to fp10" }, { "model": "db2", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for linux, unix, and windows version 9.5 fp0 to fp7" }, { "model": "db2", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for linux, unix, and windows version 9.7 fp0 to fp3a" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "v6.0 to v6.0.2.43" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "v6.1 to v6.1.0.35" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "v7.0 to v7.0.0.13" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.0.3" }, { "model": "esxi", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { 
"model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "vsphere update manager", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vsphere update manager", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vsphere update manager", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.6" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.6" }, { "model": "iplanet web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.1" }, { "model": "iplanet web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 27" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 23" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "1.4.2_29" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 27" }, { 
"model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 23" }, { "model": "sdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "1.4.2_29" }, { "model": "hp systems insight manager", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "7.0" }, { "model": "hp tru64 unix", "scope": "lte", "trust": 0.8, "vendor": "hewlett packard", "version": "running j2se v 1.42-9" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23 (ia)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23 (pa)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "hp-ux tomcat-based servlet engine", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "5.5.30.04" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { 
"model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "systemdirector enterprise", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus collaboration", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- server" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": 
"cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "groupmax collaboration", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- server" }, { "model": "hirdb realtime monitor", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "device manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "global link manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "it operations analyzer", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "it operations director", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "provisioning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "replication manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tiered storage manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tuning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "job management partner 1/automatic job management system 2", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant( english edition )" }, { "model": "job management 
partner 1/automatic job management system 2", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant/ex( english edition )" }, { "model": "job management partner 1/automatic job management system 3", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant( english edition )" }, { "model": "job management partner 1/performance management - web console", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "( overseas edition )" }, { "model": "jp1/automatic job management system 2", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant" }, { "model": "jp1/automatic job management system 3", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant" }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "i" }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "i advanced" }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "starter edition 250" }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "starter edition enterprise" }, { "model": "jp1/cm2/snmp system observer", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand device manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand provisioning manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { 
"model": "jp1/hicommand tiered storage manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- service support" }, { "model": "jp1/it resource management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web console" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web console( overseas edition )" }, { "model": "jp1/serverconductor/control manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus collaboration", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- server" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer" }, { "model": 
"ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - authoring license" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - user license" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus reporting base", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus stream data platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus stream data platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- application framework" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer client set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional library set" }, { "model": "internet navigware server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", 
"version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server operation package" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list works", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage xml business activity recorder", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker availability view", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker centric manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it change manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it process master", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "jdk", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "jre", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "sdk", "scope": null, "trust": 0.8, 
"vendor": "sun microsystems", "version": null }, { "model": "jre 005", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server enterprise 06-71-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-03" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jre .0 01", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50-04" }, { "model": "cosminexus application server 05-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jp1/integrated management service support", "scope": "eq", 
"trust": 0.6, "vendor": "hitachi", "version": "-08-11" }, { "model": "jdk 003", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.1" }, { "model": "ucosminexus application server standard 06-72-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-04" }, { "model": "ucosminexus application server enterprise 06-70-/n", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-10-05" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-01" }, { "model": "jre 12", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server enterprise 06-00-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-10" }, { "model": "jdk", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.0-06" }, { "model": "cosminexus application server 05-00-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.0-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", 
"version": "07-00" }, { "model": "ucosminexus application server standard 06-71-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-11-03" }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "25008-00" }, { "model": "ucosminexus application server enterprise 06-71-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50-03" }, { "model": "ucosminexus application server standard 06-71-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-02" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-04" }, { "model": "cosminexus application server 05-05-/l", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "cosminexus 
application server 05-00-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml 01-05-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.3.1 16", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "jre 1.3.1 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "cosminexus application server 05-05-/j", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 005", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "cosminexus application server enterprise 06-51-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jre", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.3" }, { "model": "cosminexus 
application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "replication manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus application server 05-00-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "jre 1.3.1 15", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "replication manager software )", "scope": "ne", "trust": 0.6, "vendor": "hitachi", "version": "7.3-00" }, { "model": "ucosminexus application server standard 06-70-/n", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "ucosminexus application server standard 06-72-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-02" }, { "model": "cosminexus application server standard 06-51-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "ucosminexus 
developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jdk 006", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "processing kit for xml 02-00-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-51" }, { "model": "processing kit for xml )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-05" }, { "model": "jp1/cm2/snmp system observer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "jdk 05", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server enterprise 06-51-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-02" }, { "model": "ucosminexus application server standard 06-70-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jre b 07", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.7" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": 
"jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "replication manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-01" }, { "model": "ucosminexus application server enterprise 06-71-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "replication manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "jdk 10", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 17", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-01" }, { "model": "cosminexus application server standard 06-51-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "cosminexus application server enterprise 06-51-/d", "scope": 
null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "jre b 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.7" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jre 01", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "cosminexus application server standard 06-02-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/o", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-03" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "25008-10" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/e", "scope": null, "trust": 0.6, 
"vendor": "hitachi", "version": null }, { "model": "jdk 002", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.3.1 19", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 008", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-05" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "jre 1.3.1 18", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard 06-71-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 004", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jdk 009", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.6" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, 
"vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server enterprise 06-02-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/b )", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 004", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.1" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-06" }, { "model": "ucosminexus application server enterprise 06-71-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk b 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.7" }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-00-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-01" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-10-06" }, { 
"model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-02" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "cosminexus application server enterprise 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-11-04" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-01" }, { "model": "jre 012", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "jre 005", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": 
"cosminexus application server standard 06-02-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/k", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "cosminexus application server standard 06-51-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 009", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "tivoli dynamic workload broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "virtual i/o server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "cosminexus developer professional 06-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise web server for rhel es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "41.0" }, { "model": "tiered storage manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cosminexus application server 05-00-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { 
"model": "processing kit for xml 01-07-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "cognos business intelligence fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "88.4.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.4" }, { "model": "cosminexus developer light 06-50-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "processing kit for xml 01-07-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool omnibus web gui", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "cosminexus application server 05-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-72-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "replication manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-01" }, { "model": "cognos workforce performance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ucosminexus developer professional 06-70-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": 
"jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-50-02" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.17" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.1" }, { "model": "cosminexus developer 05-05-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.55" }, { "model": "ucosminexus developer standard 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos customer performance analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cosminexus developer 05-05-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.19" }, { "model": "ucosminexus application server enterprise 06-70-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-50-01" }, { "model": "cosminexus server web edition 04-00-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-00-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/c 
(solari", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-02" }, { "model": "cosminexus developer light 06-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "provisioning manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "systemwalker availability view enterprise edition 13.3.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "os/400 v5r4m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "device manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus developer standard 06-51-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.107" }, { "model": "cosminexus application server enterprise 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", 
"version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.5" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-01" }, { "model": "tivoli netcool performance manager for wireless", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "tiered storage manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "cosminexus developer professional 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-01" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1" }, { "model": "cognos mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tivoli foundations for application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.14" }, { "model": "linux enterprise sdk sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "cosminexus developer 05-05-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": 
"tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.18" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.2" }, { "model": "cosminexus application server 05-01-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise soa platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0.2" }, { "model": "jboss enterprise portal platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.1.0" }, { "model": "cosminexus developer standard 06-51-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.35" }, { "model": "tivoli composite application manager for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jre b", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.7" }, { "model": "ucosminexus developer standard 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.14" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.3" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", 
"version": "05-30" }, { "model": "cosminexus developer light 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "websphere application server community edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.4" }, { "model": "jre .0 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "jp1/hicommand provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-30" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.22" }, { "model": "ucosminexus developer light 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli enterprise console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional 06-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.128" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jdk 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tomcat", 
"scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-06" }, { "model": "cosminexus application server enterprise 06-50-c (solaris", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "ucosminexus client 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "cosminexus application server standard 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "cognos impromptu web reports", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": 
"sun", "version": "1.3.1" }, { "model": "cosminexus developer standard 06-00-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition enterprise hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-02" }, { "model": "reflection for secure it unix server sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "cosminexus developer professional 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "interstage application server standard-j edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00(x64))" }, { "model": "cosminexus developer light 06-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "conferencing standard edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3-2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.18" }, { "model": "tru64 unix 5.1b-4", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.2" }, { "model": "vcenter update manager update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.11" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", 
"version": "6.1.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "ucosminexus developer standard 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.11" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.5" }, { "model": "cosminexus developer professional 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.1" }, { "model": "vcenter update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cognos express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "tuning manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli dynamic workload console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "identity manager remote loader", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.6.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "cosminexus application server standard 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", 
"version": "x10.6" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "processing kit for xml )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-00" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "tivoli workload scehdule z/os connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cosminexus studio web edition 04-01-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.401" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.126" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "cosminexus developer 05-05-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "ucosminexus client 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": 
"redhat", "version": "6" }, { "model": "cosminexus developer professional 06-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.22" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "identity manager roles based provisioning module", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.6.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.23" }, { "model": "cosminexus developer professional 06-00-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tivoli network manager ip edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "cosminexus developer light 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "nonstop server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6" }, { "model": "provisioning manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer 
05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "reflection for secure it windows server sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-06" }, { "model": "jre 007", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "replication manager software -00 )", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.3" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus developer professional 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.25" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus client 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "ucosminexus developer standard 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 15", "scope": "eq", "trust": 0.3, 
"vendor": "sun", "version": "1.3.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer light 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3-1" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jboss enterprise web platform for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "55" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "tiered storage manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer light 06-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise web platform for rhel 4as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "cosminexus developer professional 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "jdk 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tiered storage manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "ucosminexus developer light 
06-70-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-00(x64))" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-01" }, { "model": "ewas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.138" }, { "model": "cosminexus developer 05-01-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.18" }, { "model": "cosminexus developer 05-01-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.3.1" }, { "model": "cosminexus application server enterprise 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "cosminexus developer light 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.33" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus application server enterprise 06-51-/k", "scope": null, "trust": 0.3, "vendor": 
"hitachi", "version": null }, { "model": "tivoli federated identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "jp1/cm2/network node manager starter ed enterprise hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.14" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.1" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.30" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "cosminexus developer 05-01-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "reflection for secure it unix client", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "cosminexus developer light 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jp1/cm2/network node manager starter edition (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-10" }, 
{ "model": "cosminexus developer 05-01-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus developer professional 06-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 009", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light 06-51-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-03" }, { "model": "jp1/hicommand provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.13" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.15" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "ucosminexus application server enterprise 06-70-/a (windows(ip", "scope": 
null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-05" }, { "model": "jre b 005", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.7" }, { "model": "tiered storage manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.29" }, { "model": "jboss enterprise application platform for rhel 4as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "websphere application server community edition", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.5" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "tivoli configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "jre 11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "device manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", 
"version": "7.0.1-02" }, { "model": "replication manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "esx patch esx400-201", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2.0-00" }, { "model": "netcool/omnibus fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.020" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.8" }, { "model": "cosminexus application server 05-01-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.20" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "conferencing standard edition", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "identity manager designer", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "4.0" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "cosminexus developer 05-05-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": 
"7.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "tivoli directory server 6.1.0.5-tiv-itds-if0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.56" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.115" }, { "model": "ewas", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.139" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cosminexus developer professional 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.102" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "systemwalker availability view enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "13.3" }, { "model": "websphere mq file transfer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "cosminexus 
studio 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-71-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.15" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.3.0-00" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "systemwalker it process master standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "13.3.1" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.103" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-03" }, { "model": "ucosminexus developer professional 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": 
"9.56" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer standard 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "cosminexus application server 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.55" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "reflection suite for", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "x2011" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.7" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus studio 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.32" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { 
"model": "ucosminexus application server enterprise 06-70-/a linux )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.222" }, { "model": "jdk 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "device manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "ucosminexus developer professional 06-70-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "jboss enterprise application platform el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "processing kit for xml 02-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.4" }, { "model": "ucosminexus application server enterprise 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-71-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.21" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { 
"model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.3.1" }, { "model": "cosminexus application server standard 06-50-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "vcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.03" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.5-00" }, { "model": "rational clearcase", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "cosminexus application server enterprise 06-50-/c (hp-ux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "cosminexus application server 05-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.2" }, { "model": "device manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer standard 06-50-/f", "scope": 
null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos supply chain performance analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.27" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.105" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "7.0.8" }, { "model": "ucosminexus application server enterprise 06-70-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "network satellite server (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5)5.4" }, { "model": "tivoli federated identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "jre 10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.001" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.3" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus application server 05-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tru64 unix pk6", 
"scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.9" }, { "model": "jp1/hicommand provisioning manager )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "tiered storage manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "jp1/cm2/network node manager starter edition enterprise hp-ux pa-ri", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-02" }, { "model": "cosminexus application server 05-01-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-02" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "jre 21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.19" }, { "model": "cosminexus developer standard 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "os/400 v6r1m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cosminexus developer standard 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-50-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", 
"version": null }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "interstage business application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "tivoli foundations for application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "db2 fix pack 3a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.110" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.6" }, { "model": "cognos business viewpoint", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "jboss enterprise application platform for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "55" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "cosminexus developer 05-01-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus developer light 06-51-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli federated identity manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.9" }, { "model": "cognos business intelligence", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "88.4.1" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.13" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "01-07" }, { "model": "cosminexus developer 05-01-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "ucosminexus client 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "tuning manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-03" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-02" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "tru64 unix b-3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1.0" }, { "model": "processing kit for xml 02-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": 
"tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.5" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jdk 1.3.1 20", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "cosminexus developer 05-05-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "cosminexus developer light 06-51-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "vcenter update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "cosminexus studio 05-05-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.1" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-04" }, { "model": "cosminexus developer professional 06-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "replication manager software", "scope": 
"eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-01" }, { "model": "cosminexus developer light 06-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.1" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.52" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jp1/cm2/network node manager starter edition hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "cosminexus application server 05-00-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "provisioning manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.3.0-00" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": 
"7.0.1.4" }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.5" }, { "model": "tivoli netcool portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "ucosminexus application server standard 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.12" }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-01" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "cognos metrics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.0" }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "processing kit for xml 01-05-/b (windows(en", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.21" }, { "model": "cosminexus developer light 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, 
{ "model": "tivoli federated identity manager business gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "cosminexus developer 05-05-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60-01" }, { "model": "jp1/hicommand provisioning manager (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-30" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.30" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "x2011" }, { "model": "ucosminexus developer light 06-71-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.16" }, { "model": "totalstorage ds8300", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "cosminexus developer 
standard 06-50-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.31" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.31" }, { "model": "virtualcenter 2.5.update build", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "31" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "cosminexus developer light 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise web server for rhel as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "41.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.30" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.14" }, { "model": "cosminexus developer professional 06-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.19" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.117" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, 
"vendor": "vmware", "version": "2.5" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "jdk b", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.7" }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "ucosminexus developer standard 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-02" }, { "model": "cosminexus developer professional 06-51-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tru64 unix b-4", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1.0" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "cosminexus developer professional 06-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": 
"6.1.23" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.4" }, { "model": "cosminexus developer light 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.10" }, { "model": "replication manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.3.0-00" }, { "model": "cosminexus application server 05-01-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.11" }, { "model": "jp1/cm2/network node manager starter ed enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.13" }, { "model": "cosminexus application server 05-01-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0" }, { "model": "tivoli storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "cognos planning", "scope": "eq", 
"trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "jp1/cm2/network node manager starter edition (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.17" }, { "model": "provisioning manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "jp1/cm2/network node manager starter edition hp-ux(pa-ri", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-10-12" }, { "model": "ucosminexus client 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "tivoli netcool reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-12" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-08" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "processing kit for xml", "scope": "eq", "trust": 
0.3, "vendor": "hitachi", "version": "01-00" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "jp1/performance management web console", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "tuning manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-03" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus developer professional 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "provisioning manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "jdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "reflection for secure it unix client", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "6.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "provisioning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "ucosminexus developer professional 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { 
"model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus developer standard 06-70-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-51" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0" }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus developer professional 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.26" }, { "model": "cosminexus developer 05-05-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "runtimes for java technology sr12 fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.04" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.119" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.221" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.8" }, { "model": "cosminexus application server standard 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server 
standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72(*1)" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.1" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.12" }, { "model": "cosminexus developer standard 06-50-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "cognos query", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "cosminexus developer professional 06-50-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jp1/cm2/snmp system observer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jp1/serverconductor/control manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.2" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.1-1" }, { "model": "cosminexus developer professional 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tiered storage manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cognos finance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, 
"vendor": "fujitsu", "version": "7.0.1" }, { "model": "jp1/cm2/network node manager starter edition windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "ucosminexus application server standard 06-70-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "ucosminexus application server enterprise 06-72-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "device manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.3" }, { "model": "replication manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0.4" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk 20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { 
"model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-03" }, { "model": "cosminexus developer light 06-50-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "vcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.12" }, { "model": "cosminexus developer 05-05-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-01-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise soa platform cp04", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cosminexus developer 05-05-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos powerplay", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "processing kit for xml (windows(engli", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "01-05" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 
0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tivoli netcool performance manager technology pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "jp1/hicommand provisioning manager (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "jre 1.5.0 09-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "job management partner 1/performance management web console", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-06" }, { "model": "tivoli federated identity manager business gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "cosminexus developer standard 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "cosminexus developer light 06-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "cosminexus developer light 06-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1" }, { "model": "device manager software (solaris", "scope": 
"eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-04(x64))" }, { "model": "linux enterprise sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "rational clearcase", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "device manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jboss enterprise web server for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "51.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "jdk 13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.12" }, { "model": "cosminexus application server 05-01-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "provisioning manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-01" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "jdk 08", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus 
application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "identity manager analyzer", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "1.2" }, { "model": "openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.27" }, { "model": "reflection for secure it unix server sp1", "scope": "ne", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.54" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "tivoli federated identity manager business gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.9" }, { "model": "identity manager designer", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.5.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "application manager for smart business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "ucosminexus application server standard 06-70-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", 
"version": null }, { "model": "ucosminexus developer standard 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.18" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.4" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-00" }, { "model": "cosminexus application server standard 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jboss enterprise application platform el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.127" }, { "model": "jre 18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.111" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.31" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.118" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus studio 05-05-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "provisioning manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": 
"6.0.0-00" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.124" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "interstage software quality analyzer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "device manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "jre 05a", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-51-01" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.16" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.402" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "cosminexus developer light 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "netcool/omnibus fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.120" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.19" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", 
"version": "5.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.33" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.5" }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0.32" }, { "model": "jre 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "jdk 15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "ucosminexus application server enterprise hp-ux )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer professional 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise application platform for rhel 4es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus developer light 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "ucosminexus developer light 06-70-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" 
}, { "model": "reflection for secure it windows server sp1", "scope": "ne", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.17" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-11-02" }, { "model": "ucosminexus application server enterprise hp-ux )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "jre 099", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.12" }, { "model": "jp1/cm2/network node manager starter edition enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-02" }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.3.0-00" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-01" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-51-01" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-70" }, { "model": "cognos visualizer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.11" }, { "model": "cosminexus developer light 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { 
"model": "cosminexus developer light 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-01" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cognos financial performance analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tivoli storage productivity center fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.14" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "cosminexus developer 05-01-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "cosminexus developer standard 06-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.106" }, { "model": "cosminexus studio web edition 04-00-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos powerplay", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "cosminexus developer 05-05-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-10" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": 
"2010.1" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.219" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "cosminexus application server 05-01-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos noticecast", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.125" }, { "model": "sentinel support pack", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.12" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-01" }, { "model": "cosminexus developer standard 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "cosminexus application server standard 06-50-/c (hp-ux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.4" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "cosminexus application server 05-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": 
"sun", "version": "1.1.6" }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "jdk 1.4.2 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60-01" }, { "model": "jre 14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus developer light 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.2" }, { "model": "jre 13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus application server enterprise 06-70-/g )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/automatic job management system web operation assistant", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "3-0" }, { "model": "jdk 12", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cognos metrics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "jp1/it resource management-manager", "scope": "eq", "trust": 0.3, "vendor": 
"hitachi", "version": "0" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus developer professional 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "reflection for secure it windows server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "jdk 11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "jp1/cm2/network node manager starter ed enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "jp1/cm2/network node manager starter edition (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-02" }, { "model": "provisioning manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.12" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "cognos web services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.16" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "device manager 
software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "4" }, { "model": "db2 fixpak", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.55" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.4" }, { "model": "db2 fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.51" }, { "model": "cosminexus developer standard 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.9" }, { "model": "cosminexus application server 05-00-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-01" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "reflection for secure it unix server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "6.0" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.24" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { 
"model": "cosminexus developer professional 06-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "sentinel support pack h", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.12" }, { "model": "replication manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "cosminexus client 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus developer light 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light 06-70-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-02(x64))" }, { "model": "cosminexus developer 05-05-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "jdk 01a", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { 
"model": "linux enterprise teradata sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "jndi", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.1" }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "device manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jp1/cm2/network node manager starter ed enterprise pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-03" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "ucosminexus developer standard 06-70-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-05" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.19" }, { "model": "cosminexus developer standard 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "provisioning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "cosminexus developer standard 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "cognos business intelligence fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "88.4.1" }, { "model": "jre 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": 
"1.4.1" }, { "model": "ucosminexus developer standard 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 099", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "jre 006", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.29" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "tivoli enterprise console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "linux enterprise java sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-05" }, { "model": "cognos now!", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "processing kit for xml 01-05-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.73" }, { "model": "cosminexus application server 05-00-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", 
"version": null }, { "model": "ucosminexus developer professional 06-71-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "db2 fixpak", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.31" }, { "model": "cosminexus developer 05-01-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.185" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "reflection for secure it unix server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus developer standard 06-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.51" }, { "model": "jdk 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "replication manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-01" }, 
{ "model": "job management partner 1/automatic job management system web", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "2-0" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus application server 05-00-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "device manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-01" }, { "model": "ucosminexus client 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.32" }, { "model": "provisioning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": 
"cosminexus developer standard 06-50-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.227" }, { "model": "cosminexus application server standard 06-50-/g (aix", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.11" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.13" }, { "model": "cosminexus developer standard 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.11" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.224" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "cosminexus developer standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.27" }, { "model": "tivoli integrated portal", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.115" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.8" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": 
"hitachi", "version": "-04-01" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.15" }, { "model": "jdk 10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus developer light 06-71-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "ucosminexus application server standard 06-72-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-00(x64))" }, { "model": "interstage application server enterprise edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.28" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.20" }, { "model": "identity manager roles based provisioning module", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.7" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "tivoli federated identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "interstage application server enterprise edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", 
"version": "9.0.1" }, { "model": "tivoli composite application manager for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "tivoli federated identity manager", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ucosminexus developer professional 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.20" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "job management partner 1/automatic job management system web", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "3-0" }, { "model": "ucosminexus developer standard 06-70-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.6.1" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-01" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5.0" }, { "model": "it operations director", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "02-50-07" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.112" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0" }, { "model": "vcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.01" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.401" }, { "model": "cosminexus developer standard 06-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { 
"model": "cosminexus developer standard 06-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus developer professional 06-70-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.122" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-06(x64))" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.32" }, { "model": "ucosminexus developer standard 06-71-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.24" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "jndi/ldap", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "db2 fix pack 6a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": 
"9.5" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "cosminexus developer professional 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "4" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "tru64 unix 5.1b-5", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.7" }, { "model": "cognos powerplay", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "jp1/hicommand provisioning manager )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4" }, { "model": "cosminexus developer standard 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.25" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72(*1)" }, { "model": "ucosminexus application server enterprise 06-70-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.1" }, { "model": "cosminexus application server enterprise 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus 
developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.9" }, { "model": "cognos executive viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.13" }, { "model": "cognos real-time monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "cosminexus server web edition 04-01-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "reflection for secure it windows server sp2", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "ucosminexus developer light 06-71-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-11-01" }, { "model": "interstage service integrator enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "cosminexus developer light 06-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, 
"vendor": "hitachi", "version": "05-08" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1-1" }, { "model": "cosminexus developer professional 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "tiered storage manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "cosminexus application server enterprise 06-50-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "global link manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.6-00" }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus developer light 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus application server 05-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "tivoli directory server 6.2.0.3-tiv-itds-if0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "reflection for secure it unix client sp1", "scope": "ne", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "jdk", "scope": "eq", "trust": 0.3, 
"vendor": "sun", "version": "1.3.121" }, { "model": "processing kit for xml 02-05-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml 02-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus developer professional 06-51-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-72-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.28" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-03(x64))" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-06" }, { "model": "cosminexus developer standard 06-51-/j", "scope": null, "trust": 0.3, 
"vendor": "hitachi", "version": null }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-53" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "cognos banking risk performance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-12" }, { "model": "reflection for secure it unix client sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "ucosminexus developer standard 06-71-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "jre 004", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus developer standard 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "virtualcenter update 6a", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "websphere datapower xc10 appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.0" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus developer 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, 
{ "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "tivoli storage productivity center for replication", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.4" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "device manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "reflection for the web r3 build", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "2008527" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "processing kit for xml 02-05-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "tivoli federated identity manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.14" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-50" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.10" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jp1/cm2/snmp system observer )", "scope": "eq", "trust": 0.3, 
"vendor": "hitachi", "version": "09-00" }, { "model": "business availability center", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.55" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.3" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "tivoli netcool performance manager for wireless", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "jp1/cm2/network node manager i advanced", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.7" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "cosminexus application server 05-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard 06-71-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.26" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": 
"hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-70-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-01" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.223" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.123" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "ucosminexus application server enterprise 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus application server standard 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.72" }, { "model": "provisioning manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "vcenter update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.12" }, { "model": "jdk 05", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "ucosminexus application server standard 
06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml 01-05-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-09" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "cosminexus developer standard 06-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-51-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.116" }, { "model": "jp1/cm2/network node manager starter ed enterprise solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-03" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "ucosminexus application server enterprise hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus client 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jp1/cm2/network node manager starter edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tiered storage manager software (linux(sles", "scope": "ne", 
"trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.3" }, { "model": "sdk .0 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4" }, { "model": "cosminexus developer professional 06-50-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-01" }, { "model": "cosminexus developer light 06-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "db2 fixpak", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.54" }, { "model": "cosminexus developer standard 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-03(x64))" }, { "model": "cosminexus developer standard 06-51-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "tivoli composite application manager for websphere", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "system storage ds8700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-10" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.33" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-04-00" }, { "model": "interstage service integrator enterprise edition 9.0.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "cosminexus application server standard 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli directory server 6.3.0.0-tiv-itds-if0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "jre .0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "cosminexus developer standard 06-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos business viewpoint", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.113" }, { "model": "websphere 
datapower xc10 appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.5" }, { "model": "cosminexus application server enterprise 06-51-/b (linux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.14" }, { "model": "tivoli integrated portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.114" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "jdk 19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus developer professional 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage software quality analyzer 10.0.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus application server 05-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations analyzer", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "02-53-01" }, { "model": "cosminexus developer professional 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", 
"scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.15" }, { "model": "jdk 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "cosminexus application server 05-01-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos decisionstream", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.34" }, { "model": "jp1/automatic job management system web operation assistant", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "2-0" }, { "model": "cosminexus application server 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.25" }, { "model": "jre 19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "ucosminexus application server standard 06-70-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "reflection for secure it windows server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "6.0" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { 
"model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.001" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.13" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "cosminexus application server 05-00-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.402" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.00" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "ucosminexus developer light 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 
0.3, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-51-/b (linux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "jre 16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server 05-05-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-07" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.6" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jboss enterprise portal platform 4.3.cp06", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "jp1/hicommand provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "cosminexus developer standard 06-02-/a", "scope": null, "trust": 0.3, "vendor": 
"hitachi", "version": null }, { "model": "cosminexus application server 05-05-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "jre 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tivoli netview", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.5" }, { "model": "cosminexus developer professional 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2-2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "cosminexus application server enterprise 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-01" }, { "model": "cosminexus developer 05-05-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-04-00" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-04" }, { "model": "cosminexus developer light 06-50-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.29" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", 
"version": "1.2.1" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.109" }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "cosminexus developer 05-01-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.11" }, { "model": "jboss enterprise web platform for rhel 4es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "cosminexus developer 05-01-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.110" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "provisioning manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jdk 1.4.2 10", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer standard 06-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "esx update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.11" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.28" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, 
"vendor": "hitachi", "version": "6.2-00(x64))" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.10" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.57" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-01" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" } ], "sources": [ { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:hp:systems_insight_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:ibm_forms", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_expeditor", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_quickr", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:ibm_mashup_center", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:websphere_dashboard_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_activeinsight", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_connections", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_mashups", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_sametime_advanced", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_sametime_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_sametime_unified_telephony", 
"vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_web_content_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_workforce_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:websphere_portlet_factory", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:workplace_web_content_management", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-000018" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "98801" }, { "db": "PACKETSTORM", "id": "101246" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" } ], "trust": 0.6 }, "cve": "CVE-2010-4476", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2010-4476", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" 
}, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-000018", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-000017", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-000016", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-000020", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, 
"severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2010-4476", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2011-000018", "trust": 0.8, "value": "Medium" }, { "author": "IPA", "id": "JVNDB-2011-000017", "trust": 0.8, "value": "Medium" }, { "author": "IPA", "id": "JVNDB-2011-000016", "trust": 0.8, "value": "Medium" }, { "author": "NVD", "id": "CVE-2010-4476", "trust": 0.8, "value": "Medium" }, { "author": "IPA", "id": "JVNDB-2011-000020", "trust": 0.8, "value": "Medium" }, { "author": "VULMON", "id": "CVE-2010-4476", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). 
According to the developer: \"Other IBM software products that contain an affected version of WAS require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability.\" A remote attacker may cause a denial-of-service (DoS). The Java Runtime Environment component of multiple Oracle products contains a vulnerability that affects availability due to a flaw in the handling of the Java language and APIs. A third party may carry out a denial-of-service (DoS) attack. A wide range of products are affected. Oracle Java is prone to a remote denial-of-service vulnerability. \nSuccessful attacks will cause applications written in Java to hang, creating a denial-of-service condition. \nHP OpenVMS running J2SE 1.42 on Alpha platforms: v 1.42-9 and earlier. \nHP OpenVMS running J2SE 1.42 on I64 platforms: v 1.42-6 and earlier. \nHP OpenVMS running J2SE 5.0 on Alpha platforms: v 1.50-7 and earlier. \nHP OpenVMS running J2SE 5.0 on I64 platforms: v 1.50-6 and earlier. \nHP OpenVMS running Java SE 6 on Alpha and I64 platforms: v 6.0-2 and earlier. \nThe updates are available from: http://www.hp.com/go/java\n\nThese issues are addressed in the following versions of the HP Java:\n\nHP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent\n\nMANUAL ACTIONS: Yes - Update\n\nFor Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2011:054\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : java-1.6.0-openjdk\n Date : March 27, 2011\n Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been identified and fixed in\n java-1.6.0-openjdk:\n \n The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7,\n 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from\n the checkPermission method instead of throwing an exception in certain\n circumstances, which might allow context-dependent attackers to bypass\n the intended security policy by creating instances of ClassLoader\n (CVE-2010-4351). NOTE: the\n previous information was obtained from the February 2011 CPU. Oracle\n has not commented on claims from a downstream vendor that this issue\n involves DNS cache poisoning by untrusted applets. NOTE: the previous information was\n obtained from the February 2011 CPU. Oracle has not commented on claims\n from a downstream vendor that this issue is an untrusted search path\n vulnerability involving an empty LD_LIBRARY_PATH environment variable\n (CVE-2010-4450). NOTE: the previous information was obtained from the\n February 2011 CPU. Oracle has not commented on claims from a downstream\n vendor that this issue is related to the lack of framework support by\n AWT event dispatch, and/or clipboard access in Applets. NOTE: the previous information was obtained from\n the February 2011 CPU. Oracle has not commented on claims from a\n downstream vendor that this issue is heap corruption related to the\n Verifier and backward jsrs. NOTE: the previous information\n was obtained from the February 2011 CPU. 
Oracle has not commented on\n claims from a downstream vendor that this issue is related to Features\n set on SchemaFactory not inherited by Validator. NOTE: the previous information\n was obtained from the February 2011 CPU. Oracle has not commented\n on claims from a downstream vendor that this issue is related to the\n exposure of system properties via vectors related to Font.createFont\n and exception text (CVE-2010-4471). NOTE: the previous\n information was obtained from the February 2011 CPU. Oracle has\n not commented on claims from a downstream vendor that this issue\n involves the replacement of the XML DSig Transform or C14N algorithm\n implementations. \n \n IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5\n does not properly verify signatures for JAR files that (1) are\n partially signed or (2) signed by multiple entities, which allows\n remote attackers to trick users into executing code that appears to\n come from a trusted source (CVE-2011-0025). \n \n The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in\n OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain\n privileges via unknown vectors related to multiple signers and the\n assignment of an inappropriate security descriptor. (CVE-2011-0706)\n \n Additionally the java-1.5.0-gcj packages were not rebuilt with the\n shipped version on GCC for 2009.0 and Enterprise Server 5 which\n caused problems while building the java-1.6.0-openjdk updates,\n therefore rebuilt java-1.5.0-gcj packages are being provided with\n this advisory as well. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026amp;products_id=490\n \n The updated packages have been patched to correct this issue. 
\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0025\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0706\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n cfea90f1f20d28bf5a2f628e0a910eaa 2009.0/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n d3188bf2f1da126b4d04e920e331d831 2009.0/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n 1b4994018478f335d49531d9d5e60642 2009.0/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n 078af1b826c27ea3c7befc88ace7ebd5 2009.0/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n d1c6cba2035f8eada4e351310ebf7be2 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 8b53c26f88092819346654a339b44622 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n fc8af257ef8db0d37f3bfff954740c0b 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 6cd5f5cdb27e4c8936292aef0aa5010c 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 03fdab84535710ac263c08b3870cb062 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 0232ce60d1d6e1072e50a13f2b416fcc 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.i586.rpm \n fc94465e0b7e5fe50095c15726d38699 
2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 5728fe31661213beab52fe97f9af91ad 2009.0/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n bd5a2a20d168ddcebe29bb109fea38c2 2009.0/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n a37818a53a8dbfa85d82bcf3bf83e08f 2009.0/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n ed9d1baa365606c512783863da3e0bd8 2009.0/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n b5e70c75ecc67f8f1f7f22ca55059a8b 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n 071df613e884a9faf3525661280b19d6 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n 81b79e0a8ae29c5bcff3fa6872ad52e9 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n b5818cbad798514f02ee26c346d1e077 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n d80e3970d9279df1f9dddd46bcb01380 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n d72298b296819ab6791e28449d3cf475 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm \n fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n bbe3a5e4538edd269e8e8c846d02ec50 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n 825fa39b02a627993df166acad99e002 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n b30390e1d4457964f60630c95b36e768 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n f6123d9a0852fabdf596850979b58e4d 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n f2ec2f80944f1f401154d2fb2c2ad64d 
2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n 68ed360de6ee490d80906fd561459faa 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.i586.rpm \n f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 11e65a4c18288572327dd4c4f8841f94 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n 58bdac45685c3146adb44cb2c006811f 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n e9dfc0bd42192c92b2a788809226ff27 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n afcef69bfa7804c70df2684b2ed19634 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n 64ea6c5ab1b71b8a0f163aa1f7581c69 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n beb768b3e0714331050baf31a8e88bc9 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm \n f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n c2736e4b08921bb5de8dbad3e13bb988 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n 884207fa52ea3e168710dfb3988229d5 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n a0d0a86bbc5dcc9d2eff2dc2e14ae083 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n dc1dd774b5eb1efb1a785b0ff4bc8f94 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n 41cffbd28ed3d467e465328d8369116a 2010.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n ae4064b170d4e2fcd0b4949cd53af79e 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.i586.rpm \n f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 556d72a8cf60df24274bb49938a2791c 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n e7e183d456383ad562cdb9da84e0f899 
2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n 035fccb2950b8a87cd4b597c866d5831 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n a76c326c10b87a62be32100d0eddd75f 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n 09ad2b77e3c48b3e16010c8c93fa8f9b 2010.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n 042beb49ddd872902a8faea3e425b792 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm \n f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm\n\n Mandriva Enterprise Server 5:\n 2bf537286d1406c491061e07a73c96ec mes5/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n fb125806cc547d2c69cf13ae67c835d5 mes5/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n 657a9fb9b644be8f8a49442a8210d56a mes5/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n fff64cbf465a2a701c248ad5cc4c89c6 mes5/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n 8ba9fe5adad781d341ba764b661c8c92 mes5/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 75de95d6064fe9d552795deb0768dfca mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 9f5ccbfff9afb405baadfc67f8173617 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 70de70d7adaccff5397814d31bd51a96 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 94b138e8a423f2f8c2ad137577bb4d42 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n fd7dc4b050b6e07ea7686a72c2704ccd mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm \n 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 11c7cdc078dcd9cf30e818f4fb4c4e1f 
mes5/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n 6c6185f429a1672255e30cf00c2af065 mes5/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n f194361aa7a5cfeec17745f0ee158962 mes5/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n 7d2679d156a618d7ba847ba2ebcede4b mes5/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n 8ae3d0065764f69d1546a61b895a4244 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n 8ef4ab6f5f8f421c1b36dfae807350a5 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n d504a7493fc86d5750c849f738bb6167 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n 3c044a087cc5225fd9ad138dcea5fa7d mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n b89fa5785567340525aa5b57c8b9440c mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n 3dc504dbf7161b1026bf41298118a819 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm \n 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFNj4A1mqjQ0CJFipgRAqd9AKDH+zN9xFfcPlQmGWMRSOqb+xjI4QCfbvvt\nDHgr6vgcxh6XXAElZkDBIws=\n=7L47\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApache Tomcat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43198\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43198/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43198\n\nRELEASE DATE:\n2011-02-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43198/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43198/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43198\n\nONLY 
AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apache Tomcat, which\ncan be exploited by malicious, local users to bypass certain security\nrestrictions and by malicious people to conduct cross-site scripting\nattacks and cause a DoS (Denial of Service). \n\n1) An error due to the \"ServletContext\" attribute not being properly\nrestricted to read-only when running under a SecurityManager can be\nexploited by a malicious web application to use an arbitrary working\ndirectory with read-write privileges. \n\n2) Certain input (e.g. display names) is not properly sanitised in\nthe HTML Manager interface before being returned to the user. This\ncan be exploited to execute arbitrary HTML and script code in a\nuser\u0027s browser session in context of an affected site. \n\n3) An error within the JVM when accessing a page that calls\n\"javax.servlet.ServletRequest.getLocale()\" or\n\"javax.servlet.ServletRequest.getLocales()\" functions can be\nexploited to cause the process to hang via a web request containing\nspecially crafted headers (e.g. \"Accept-Language\"). \n\nThis vulnerability is reported in versions prior to 5.5.33. \n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) Reported by the vendor. 
\n3) Konstantin Preiber\n\nORIGINAL ADVISORY:\nApache Tomcat:\nhttp://tomcat.apache.org/security-5.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html\n\nKonstantin Preiber:\nhttp://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Such input strings represent valid\nnumbers and can be contained in data supplied by an attacker over the\nnetwork, leading to a denial-of-service attack. 
\n\nFor the old stable distribution (lenny), this problem has been fixed\nin version 6b18-1.8.3-2~lenny1. \n\nNote that this update introduces an OpenJDK package based on the\nIcedTea release 1.8.3 into the old stable distribution. This\naddresses several dozen security vulnerabilities, most of which are\nonly exploitable by malicious mobile code. A notable exception is\nCVE-2009-3555, the TLS renegotiation vulnerability. This update\nimplements the protocol extension described in RFC 5746, addressing\nthis issue. \n\nThis update also includes a new version of Hotspot, the Java virtual\nmachine, which increases the default heap size on machines with\nseveral GB of RAM. If you run several JVMs on the same machine, you\nmight have to reduce the heap size by specifying a suitable -Xmx\nargument in the invocation of the \"java\" command. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02729756\nVersion: 1\n\nHPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-02-23\nLast Updated: 2011-02-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential vulnerability has been identified with HP-UX running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). \n\nReferences: CVE-2010-4476\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nAny version of Java running on HP-UX 11.11, HP-UX 11.23, or HP-UX 11.31. 
\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software tool available to resolve the vulnerability. This tool can be used to update all versions of HP-UX Java. \n\nTo download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool\n\nAn HP Passport user ID is required to download the FPUpdater tool and its Readme file. For information on registering for an HP Passport user ID, refer to: https://passport2.hp.com\n\nMANUAL ACTIONS: Yes - Update\n\nUpdate using FPUpdater\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\naction: update using FPUpdater if Java is installed\n\nEND AFFECTED VERSIONS\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nHISTORY\nVersion:1 (rev.1) - 23 February 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. 
\n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. 
\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk1sQl4ACgkQ4B86/C0qfVkZoACg+A0Nrllhsgj+ZNVRWBJtSGg0\n+McAoLe5aV6VZ16dYIp6IG59vPG8unq8\n=sL4p\n-----END PGP SIGNATURE-----\n. Customers should open a support case to request the\nfollowing hotfixes. 
\n\nNNMi Version / Operating System\n Required Patch\n Hotfix\n\n9.1x HP-UX\n Patch 4\n Hotfix-NNMi-9.1xP4-HP-UX-JDK-20120710.zip\n\n9.1x Linux\n Patch 4\n Hotfix-NNMi-9.1xP4-Linux-JDK-20120523.zip\n\n9.1x Solaris\n Patch 4\n Hotfix-NNMi-9.1xP4-Solaris-JDK-20120523.zip\n\n9.1x Windows\n Patch 4\n Hotfix-NNMi-9.1xP4-Windows-JDK-20120523.zip\n\nNote: The hotfix must be installed after the required patch. The hotfix must\nbe reinstalled if the required patch is reinstalled. \n\nMANUAL ACTIONS: Yes - Update\n\nInstall the applicable patch and hotfix. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. 
\n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ===========================================================\nUbuntu Security Notice USN-1079-3 March 17, 2011\nopenjdk-6b18 vulnerabilities\nCVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469,\nCVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476,\nCVE-2011-0706\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 10.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 10.10:\n icedtea6-plugin 6b18-1.8.7-0ubuntu2.1\n openjdk-6-jre 6b18-1.8.7-0ubuntu2.1\n openjdk-6-jre-headless 6b18-1.8.7-0ubuntu2.1\n\nAfter a standard system update you need to restart any Java services,\napplications or applets to make all the necessary changes. \n\nDetails follow:\n\nUSN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)\narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes\nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu\n10.10. 
\n\nOriginal advisory details:\n\n It was discovered that untrusted Java applets could create domain\n name resolution cache entries, allowing an attacker to manipulate\n name resolution within the JVM. (CVE-2010-4448)\n \n It was discovered that the Java launcher did not properly\n set up the LD_LIBRARY_PATH environment variable. (CVE-2010-4450)\n \n It was discovered that within the Swing library, forged timer events\n could allow bypass of SecurityManager checks. This could allow an\n attacker to access restricted resources. (CVE-2010-4465)\n \n It was discovered that certain bytecode combinations confused memory\n management within the HotSpot JVM. This could allow an attacker to\n cause a denial of service through an application crash or possibly\n inject code. (CVE-2010-4469)\n \n It was discovered that the way JAXP components were handled\n allowed them to be manipulated by untrusted applets. An attacker\n could use this to bypass XML processing restrictions and elevate\n privileges. (CVE-2010-4470)\n \n It was discovered that the Java2D subcomponent, when processing broken\n CFF fonts could leak system properties. (CVE-2010-4471)\n \n It was discovered that a flaw in the XML Digital Signature\n component could allow an attacker to cause untrusted code to\n replace the XML Digital Signature Transform or C14N algorithm\n implementations. (CVE-2010-4472)\n \n Konstantin Prei\u00dfer and others discovered that specific double literals\n were improperly handled, allowing a remote attacker to cause a denial\n of service. 
(CVE-2011-0706)\n\n\nUpdated packages for Ubuntu 10.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.diff.gz\n Size/MD5: 149561 b35ae7a82db49282379d36e7ece58484\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.dsc\n Size/MD5: 3015 04cb459aeaab6c228e722caf07a44de9\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz\n Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 377802 d4439da20492eafbccb33e2fe979e8c9\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 78338 7bdf93e00fd81dc82fd0d9a8b4e905c7\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 85497146 1512e0d6563dd5120729cf5b993c618c\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 1545620 544c54891d44bdac534c81318a7f2bcb\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 9140042 0a2d6ed937081800baeb6fc55326a754\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 30092886 4cc5ad7c54638278e55ee7d2acaab413\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 266102 4278c2c06387cf883325356efda3c4d4\n http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 1959296 6becfb4d5a2ecbe7aee622b84df57f12\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2010-4476" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": 
"JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "BID", "id": "46091" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101246" }, { "db": "PACKETSTORM", "id": "98801" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "99459" } ], "trust": 5.85 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35304", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-4476", "trust": 6.4 }, { "db": "SECUNIA", "id": "43295", "trust": 4.3 }, { "db": "SECTRACK", "id": "1025062", "trust": 4.3 }, { "db": "SECUNIA", "id": "43304", "trust": 1.9 }, { "db": "SECUNIA", "id": "43280", "trust": 1.9 }, { "db": "JVN", "id": "JVN97334690", "trust": 1.6 }, { "db": "JVN", "id": "JVN26301278", "trust": 1.6 }, { "db": "JVN", "id": "JVN16308183", "trust": 1.6 }, { "db": "HITACHI", "id": "HS11-003", "trust": 1.4 }, { "db": "BID", "id": "46091", "trust": 1.2 }, { "db": "SECUNIA", "id": "43400", "trust": 1.1 }, { "db": "SECUNIA", "id": "45022", "trust": 1.1 }, { "db": "SECUNIA", "id": "43333", "trust": 1.1 }, { 
"db": "SECUNIA", "id": "43048", "trust": 1.1 }, { "db": "SECUNIA", "id": "44954", "trust": 1.1 }, { "db": "SECUNIA", "id": "45555", "trust": 1.1 }, { "db": "SECUNIA", "id": "43659", "trust": 1.1 }, { "db": "SECUNIA", "id": "43378", "trust": 1.1 }, { "db": "SECUNIA", "id": "49198", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0605", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0422", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0434", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0365", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0377", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0379", "trust": 1.1 }, { "db": "SECUNIA", "id": "43198", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2011-000018", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-000017", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-000016", "trust": 0.8 }, { "db": "SECUNIA", "id": "44303", "trust": 0.8 }, { "db": "SECUNIA", "id": "43262", "trust": 0.8 }, { "db": "SECUNIA", "id": "43194", "trust": 0.8 }, { "db": "VUPEN", "id": "ADV-2011-0405", "trust": 0.8 }, { "db": "VUPEN", "id": "ADV-2011-0339", "trust": 0.8 }, { "db": "VUPEN", "id": "ADV-2011-1051", "trust": 0.8 }, { "db": "VUPEN", "id": "ADV-2011-0294", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-001185", "trust": 0.8 }, { "db": "JVN", "id": "JVN81294135", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-000020", "trust": 0.8 }, { "db": "HITACHI", "id": "HS11-009", "trust": 0.3 }, { "db": "HITACHI", "id": "HS11-010", "trust": 0.3 }, { "db": "HITACHI", "id": "HS11-008", "trust": 0.3 }, { "db": "EXPLOIT-DB", "id": "35304", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2010-4476", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114812", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99459", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98801", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101246", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98469", "trust": 
0.1 }, { "db": "PACKETSTORM", "id": "101245", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98186", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99798", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111920", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "99459" }, { "db": "PACKETSTORM", "id": "98801" }, { "db": "PACKETSTORM", "id": "101246" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "id": "VAR-201102-0280", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.28625434666666666 }, "last_update_date": "2024-11-29T19:42:50.109000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HPSBMU02769 SSRT100846", "trust": 4.0, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" }, { "title": "NV18-002", "trust": 4.0, "url": "http://jpn.nec.com/security-info/secinfo/nv18-002.html" }, { "title": "1462019", "trust": 1.6, "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21462019" }, { "title": "1462146", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21462146" }, { "title": "1462136", "trust": 0.8, "url": "http://www.ibm.com/support/docview.wss?uid=swg21462136" }, { "title": "PM31983", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983" }, { "title": "IZ94423", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423" }, { "title": "cve-2010-4476", "trust": 0.8, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html" }, { "title": "1469029", "trust": 0.8, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21469029" }, { "title": "security-5.html#Not_a_vulnerability_in_Tomcat", "trust": 0.8, "url": "http://tomcat.apache.org/security-5.html#Not_a_vulnerability_in_Tomcat" }, { "title": "security-6.html#Not_a_vulnerability_in_Tomcat", "trust": 0.8, "url": "http://tomcat.apache.org/security-6.html#Not_a_vulnerability_in_Tomcat" }, { "title": "security-7.html#Not_a_vulnerability_in_Tomcat", "trust": 0.8, "url": "http://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat" }, { "title": "1066244", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1066244" }, { "title": "1066315", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1066315" }, { "title": "1066318", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1066318" }, { "title": "HT4562", "trust": 0.8, "url": "http://support.apple.com/kb/HT4562" }, { "title": "HT4563", "trust": 0.8, "url": "http://support.apple.com/kb/HT4563" }, { "title": "HT4562", "trust": 0.8, "url": "http://support.apple.com/kb/HT4562?viewlocale=ja_JP" }, { "title": "HT4563", "trust": 0.8, "url": "http://support.apple.com/kb/HT4563?viewlocale=ja_JP" }, { "title": "tomcat5-5.5.23-0jpp.17.0.1.AXS3", "trust": 0.8, "url": 
"https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1382" }, { "title": "HPUXWSATW233", "trust": 0.8, "url": "https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW233" }, { "title": "HPUXWSATW315", "trust": 0.8, "url": "https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW315" }, { "title": "HS11-008", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-008/index.html" }, { "title": "HS11-009", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-009/index.html" }, { "title": "HS11-010", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-010/index.html" }, { "title": "HS11-003", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html" }, { "title": "HPSBUX02685", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02775276" }, { "title": "HPSBUX02642", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02746026" }, { "title": "HPSBUX02633", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02729756" }, { "title": "HPSBUX02641", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02738573" }, { "title": "HPSBUX02645", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02752210" }, { "title": "HPSBTU02684", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02826781" }, { "title": "1469482", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469482" }, { "title": "1468197", 
"trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468197" }, { "title": "javacpufeb2011-304611", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" }, { "title": "cpuapr2011-301950", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "title": "alert-cve-2010-4476-305811", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html" }, { "title": "RHSA-2011:0336", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0336.html" }, { "title": "RHSA-2011:0214", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0214.html" }, { "title": "RHSA-2011:0282", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0282.html" }, { "title": "RHSA-2011:0335", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0335.html" }, { "title": "security_alert_for_cve-2010-44", "trust": 0.8, "url": "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html" }, { "title": "april_2011_critical_patch_upda", "trust": 0.8, "url": "http://blogs.oracle.com/security/2011/04/april_2011_critical_patch_upda.html" }, { "title": "VMSA-2011-0013", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0013.html" }, { "title": "HS11-008", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-008/index.html" }, { "title": "HS11-009", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-009/index.html" }, { "title": "HS11-010", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-010/index.html" }, { "title": "HS11-003", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-003/index.html" }, { "title": "interstage_as_201101", "trust": 0.8, "url": 
"http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201101.html" }, { "title": "Denial of Service Security Exposure", "trust": 0.8, "url": "https://www-304.ibm.com/support/docview.wss?uid=wws11f1aa50037313ea7852578450082883b" }, { "title": "Debian Security Advisories: DSA-2161-1 openjdk-6 -- denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8a0fbd8ef02c50b965cd7461fe7f588d" }, { "title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-3" }, { "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-1" }, { "title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-2" }, { "title": "VMware Security Advisories: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=31eb28d4d81f5dda33b13bdc58dfe8fb" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 3.2 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-DesignError", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": 
"JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.3, "url": "http://secunia.com/advisories/43295" }, { "trust": 4.3, "url": "http://www.securitytracker.com/id?1025062" }, { "trust": 4.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476" }, { "trust": 4.0, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4476" }, { "trust": 1.9, "url": "http://secunia.com/advisories/43280" }, { "trust": 1.9, "url": "http://secunia.com/advisories/43304" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html" }, { "trust": 1.4, "url": "http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "trust": 1.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-003/index.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0214.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm31983" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053926.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2011/dsa-2161" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0282.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43400" }, { "trust": 1.1, "url": 
"http://www.vupen.com/english/advisories/2011/0422" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0211.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94423" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0434" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0213.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468358" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053934.html" }, { "trust": 1.1, "url": "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715\u0026admit=109447627+1298159618320+28353475" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0365" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43378" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0379" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0212.html" }, { "trust": 1.1, "url": "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0377" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0210.html" }, { "trust": 1.1, "url": "http://blog.fortify.com/blog/2011/02/08/double-trouble" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43048" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43333" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0334.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0333.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/45555" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg24029498" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg24029497" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html" 
}, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130514352726432\u0026w=2" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:054" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=131041767210772\u0026w=2" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0605" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=129960314701922\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43659" }, { "trust": 1.1, "url": "http://secunia.com/advisories/44954" }, { "trust": 1.1, "url": "http://secunia.com/advisories/45022" }, { "trust": 1.1, "url": "http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5098550.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130270785502599\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130497185606818\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130497132406206\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=129899347607632\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2" }, { "trust": 1.1, "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19493" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14589" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14328" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12745" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12662" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 0.9, "url": "http://www.securityfocus.com/bid/46091" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn97334690/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn26301278/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn16308183/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/jp/jvn97334690/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu584356/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/jp/jvn16308183/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/jp/jvn26301278/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2011-02" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43198" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43262" }, { "trust": 0.8, "url": "http://secunia.com/advisories/44303" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43194" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2011/0294" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2011/0339" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2011/1051" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2011/0405" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn81294135/index.html" }, { 
"trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468884" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469222" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24030795" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7008129" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21509635" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21468287" }, { "trust": 0.3, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxfpupdater" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02752210" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03090723\u0026ac.admitted=1321942068127.876444892.492883150" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7009249" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21469285" }, { "trust": 0.3, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201101e.html" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1003877" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg1oa35932" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24029090" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/1704.html" }, { "trust": 0.3, "url": "http://java.sun.com" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468728" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032592" }, { 
"trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21474615" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029498" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029497" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg24029827" }, { "trust": 0.3, "url": "/archive/1/516213" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469074" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100127618" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100128342" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100131812" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469482" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469001" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469261" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468267" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21508061" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02906075" }, { "trust": 0.3, "url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715" }, { "trust": 0.3, "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02738573" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-008/index.html" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-009/index.html" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-010/index.html" }, { "trust": 0.3, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html" }, { "trust": 0.3, 
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas2a5e8722f285b693586257837004234f7" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas239097234bdef0f0086257837004234ff" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2e3651fd2836659b88625783700423505" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2bbd9eef75e33a6ec862578370042350b" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas24394745ae41518b88625783700423513" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas274b0e6114eba807a8625783700423519" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas22c04013ef2a6aba98625783700423520" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21468291" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94331" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469266" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21469046" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469229" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468927" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468987" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2011-0334.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2011-0333.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468915" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468912" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469042" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2566.html" }, { "trust": 0.3, "url": 
"http://support.attachmate.com/techdocs/2564.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2560.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468521" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7008485" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468705" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg400000547" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033364" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032885" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029766" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029768" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24029502" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4471" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "https://www.hp.com/go/swa" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4472" }, { "trust": 0.3, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.3, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.3, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2011-0815" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4462" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.2, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4475" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4473" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0706" }, { "trust": 0.2, "url": "https://www.hp.com/go/java" }, { "trust": 0.2, "url": "http://h18012.www1.hp.com/java/alpha/fpupdater_index.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/35304/" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1079-3/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 
0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4474" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4452" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4468" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0786" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4463" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4451" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": 
"http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "https://passport2.hp.com" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.1, "url": "http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645" }, { "trust": 0.1, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43198" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43198/#comments" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43198/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0025" }, { "trust": 0.1, "url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4448" }, { "trust": 0.1, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0025" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4465" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4470" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4472" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4469" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4450" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4471" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0706" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "99459" }, { "db": "PACKETSTORM", "id": "98801" }, { "db": "PACKETSTORM", "id": "101246" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "PACKETSTORM", "id": "99798" }, 
{ "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "99459" }, { "db": "PACKETSTORM", "id": "98801" }, { "db": "PACKETSTORM", "id": "101246" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-02-17T00:00:00", "db": "VULMON", "id": "CVE-2010-4476" }, { "date": "2011-02-01T00:00:00", "db": "BID", "id": "46091" }, { "date": "2011-03-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "date": "2011-03-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "date": "2011-03-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "date": "2011-03-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "date": "2011-03-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2012-07-17T21:49:22", "db": "PACKETSTORM", "id": "114812" }, { "date": "2011-03-18T21:57:10", "db": "PACKETSTORM", "id": "99459" }, { "date": "2011-03-01T22:06:12", "db": "PACKETSTORM", "id": 
"98801" }, { "date": "2011-05-09T22:49:19", "db": "PACKETSTORM", "id": "101246" }, { "date": "2011-02-14T21:33:52", "db": "PACKETSTORM", "id": "98469" }, { "date": "2011-05-09T22:46:47", "db": "PACKETSTORM", "id": "101245" }, { "date": "2011-02-07T01:36:02", "db": "PACKETSTORM", "id": "98186" }, { "date": "2011-03-28T18:56:27", "db": "PACKETSTORM", "id": "99798" }, { "date": "2012-05-17T21:16:37", "db": "PACKETSTORM", "id": "112826" }, { "date": "2012-04-17T20:41:11", "db": "PACKETSTORM", "id": "111920" }, { "date": "2011-02-17T19:00:01.900000", "db": "NVD", "id": "CVE-2010-4476" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2010-4476" }, { "date": "2015-04-13T21:31:00", "db": "BID", "id": "46091" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "date": "2024-11-21T01:21:01.770000", "db": "NVD", "id": "CVE-2010-4476" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "46091" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Lotus vulnerable to denial-of-service (DoS)", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-000018" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "46091" } ], "trust": 0.3 } }
var-200709-0495
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages. Web pages generated by the affected source code may be prone to a cross-site scripting issue. Versions prior to Apache 2.2.6 are affected. NOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems. =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3
Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2
Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1
Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)
It was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)
It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)
It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)
It was discovered that mod_status, when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)
It was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)
It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)
It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz
Size/MD5: 121305 10359a467847b63f8d6603081450fece
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc
Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb
Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 171402 3b7567107864cf36953e7911a4851738
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 172186 85a591ea061cbc727fc261b046781502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 94240 b80027348754c493312269f7410b38fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 285664 76f4879738a0a788414316581ac2010b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 144250 3cd8327429958569a306257da57e8be0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 786052 7bdddb451607eeb2abb9706641675397
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 215932 bee4a6e00371117203647fd3a311658a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 219800 aaf4968deba24912e4981f35a367a086
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 93282 1ae6def788c74750d79055784c0d8006
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 267832 96c149638daeb993250b18c9f4285abf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz
Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc
Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb
Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 145340 109c93408c5197be50960cce80c23b7c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209552 8a23207211e54b138d5a87c15c097908
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 171636 07616e459905bad152a8669c8f670436
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 222022 e37ef7d710800e568d838242d3129725
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 208354 0a571678c269d1da06787dac56567f1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212052 90754ccdcd95e652413426376078d223
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz
Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc
Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 971426 30db1106dfea5106da54d2287c02a380
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 403974 65a11cfaee921517445cf74ed04df701
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434308 2073137bb138dc52bbace666714f4e14
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 343774 880faca3543426734431c29de77c3048
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz
Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc
Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 278032 4f8270cff0a532bd059741b366047da9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 435354 f3557e1a87154424e9144cf672110e93
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8
. Likewise, a similar crash could occur on sites with a forward proxy configured if a user could be persuaded to visit a malicious site using the proxy (CVE-2007-3847).
A flaw in the Apache mod_autoindex module was found. On sites where directory listings are used and the AddDefaultCharset directive was removed from the configuration, a cross-site-scripting attack could be possible against browsers that do not correctly derive the response character set according to the rules in RFC 2616 (CVE-2007-4465).
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Updated Packages:
Mandriva Linux 2007.0: 9bb73822e8ae92ba87aa8baa21d467d1 2007.0/i586/apache-base-2.2.3-1.2mdv2007.0.i586.rpm 1949631d7fc0f87c91ba5dd9e738e036 2007.0/i586/apache-devel-2.2.3-1.2mdv2007.0.i586.rpm 3fed692d7b2eefe64bdd5f557fb0d838 2007.0/i586/apache-htcacheclean-2.2.3-1.2mdv2007.0.i586.rpm 86b32442b40c9e8ee9ba4bc1def61157 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.i586.rpm a6ca98077bee65a270a7777f6a3f3b60 2007.0/i586/apache-mod_cache-2.2.3-1.2mdv2007.0.i586.rpm 3bf50ab09740de6e718dc38e5320a3f7 2007.0/i586/apache-mod_dav-2.2.3-1.2mdv2007.0.i586.rpm 11e3dde4beab554a1523261979852fee 2007.0/i586/apache-mod_dbd-2.2.3-1.2mdv2007.0.i586.rpm 993926a12a2b5192059961a8bcbf4e2c 2007.0/i586/apache-mod_deflate-2.2.3-1.2mdv2007.0.i586.rpm 8553d309d0b537732375fbf0ab6c3187 2007.0/i586/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.i586.rpm 83a1fce76091ea660989b5b310d545ab 2007.0/i586/apache-mod_file_cache-2.2.3-1.2mdv2007.0.i586.rpm c7799b98922ee0e2f5bd114a3b2f3816 2007.0/i586/apache-mod_ldap-2.2.3-1.2mdv2007.0.i586.rpm b3e79d78c26282b39322910be91cd410 2007.0/i586/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.i586.rpm 6c72e3c58cb10447304328c2f863651a 2007.0/i586/apache-mod_proxy-2.2.3-1.2mdv2007.0.i586.rpm a6d09de71a6b7bf7bb1cafc187777be7 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.i586.rpm 05eee18af88226fb76766a9b88d843a8 2007.0/i586/apache-mod_ssl-2.2.3-1.2mdv2007.0.i586.rpm c499609426acef2255940cab04a28b5c 2007.0/i586/apache-mod_userdir-2.2.3-1.2mdv2007.0.i586.rpm bcd0563b948d8958de5a8da12e5ecd85 2007.0/i586/apache-modules-2.2.3-1.2mdv2007.0.i586.rpm 5c4777a2db7fd28b233d1bcc1d570a70 2007.0/i586/apache-mpm-prefork-2.2.3-1.2mdv2007.0.i586.rpm fa38945281388cfd4d37d2f98187a0b0 2007.0/i586/apache-mpm-worker-2.2.3-1.2mdv2007.0.i586.rpm 30e14fac38a58a8ab4bf59a6ecb59f9a 2007.0/i586/apache-source-2.2.3-1.2mdv2007.0.i586.rpm 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 3301ff7aa05c7cb14eecfc82d1d7fe33 2007.0/x86_64/apache-base-2.2.3-1.2mdv2007.0.x86_64.rpm f0f6cc2cc841959558ab0222d975a9cc 2007.0/x86_64/apache-devel-2.2.3-1.2mdv2007.0.x86_64.rpm 7bf4dbf62cd08717fc3704798d0c839d 2007.0/x86_64/apache-htcacheclean-2.2.3-1.2mdv2007.0.x86_64.rpm ecb3772fac317f54303d1d67c2b1c7a2 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm c6cb91541e0f7a24b337da09ee7eb248 2007.0/x86_64/apache-mod_cache-2.2.3-1.2mdv2007.0.x86_64.rpm f39c5879ff62c5d8dcc41ae73d1ca0cd 2007.0/x86_64/apache-mod_dav-2.2.3-1.2mdv2007.0.x86_64.rpm 562dc2a4e6246fa7dde9986af40ec847 2007.0/x86_64/apache-mod_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm 7be58654d28b2fc0207c3e44370cd118 2007.0/x86_64/apache-mod_deflate-2.2.3-1.2mdv2007.0.x86_64.rpm 6e4314853613d0d9fdd048c8ee96a510 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.x86_64.rpm 5fd5dc78b84bb5579291d27f626cb660 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.2mdv2007.0.x86_64.rpm d5eecb080611220807820106c24b1e22 2007.0/x86_64/apache-mod_ldap-2.2.3-1.2mdv2007.0.x86_64.rpm bed61f6dcb6311d99fb97225a0b48849 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.x86_64.rpm f0d3bb15ba884824380ef1cf0bd129b8 2007.0/x86_64/apache-mod_proxy-2.2.3-1.2mdv2007.0.x86_64.rpm 8f8969581110089a51cf506b8566315e 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.x86_64.rpm 1a40d73c8fbbae8868f09ef947407dad 2007.0/x86_64/apache-mod_ssl-2.2.3-1.2mdv2007.0.x86_64.rpm 0cd432c837a9ba4795bda96b1d3cc98c 2007.0/x86_64/apache-mod_userdir-2.2.3-1.2mdv2007.0.x86_64.rpm f05d88bc8f9c163ca787c30e7bd84e52 2007.0/x86_64/apache-modules-2.2.3-1.2mdv2007.0.x86_64.rpm f5431063918c470fa1ccd6e23db4c70d 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.2mdv2007.0.x86_64.rpm 0db10b3a236c2f59a93eb2bc6ee6c35d 2007.0/x86_64/apache-mpm-worker-2.2.3-1.2mdv2007.0.x86_64.rpm 71f52e6e3afba9d1d923cc64291eb98f 2007.0/x86_64/apache-source-2.2.3-1.2mdv2007.0.x86_64.rpm 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.1: e443a21ce0b058aede2aaf82d12d22f7 2007.1/i586/apache-base-2.2.4-6.3mdv2007.1.i586.rpm 6d17234fb69995d52c012bb22f52bab3 2007.1/i586/apache-devel-2.2.4-6.3mdv2007.1.i586.rpm 6a44621592a2320b6d0e9549eceea6a9 2007.1/i586/apache-htcacheclean-2.2.4-6.3mdv2007.1.i586.rpm d0405211b42d562933cd2f802a4276bc 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.i586.rpm 3fd09fafa06eb4e08ad975f9972f28f8 2007.1/i586/apache-mod_cache-2.2.4-6.3mdv2007.1.i586.rpm d61498465662a9c4a7f77f2dcc9438a7 2007.1/i586/apache-mod_dav-2.2.4-6.3mdv2007.1.i586.rpm fbb6c3ccfd793a8f2b9889ed399d5aad 2007.1/i586/apache-mod_dbd-2.2.4-6.3mdv2007.1.i586.rpm 0e67be9eaacb5f8686acdd95d26b8b47 2007.1/i586/apache-mod_deflate-2.2.4-6.3mdv2007.1.i586.rpm f1a050f23e3bc518b8aecd3c6cd5fd91 2007.1/i586/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.i586.rpm d95079c4a7627fe47d529dbe99549023 2007.1/i586/apache-mod_file_cache-2.2.4-6.3mdv2007.1.i586.rpm b24dcaec7dc26c107ff0962d46c7b3a1 2007.1/i586/apache-mod_ldap-2.2.4-6.3mdv2007.1.i586.rpm 98e97b3bd11ca7939aef2bae47c2c497 2007.1/i586/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.i586.rpm bffefef1346635e79f04d0ae56169ab1 2007.1/i586/apache-mod_proxy-2.2.4-6.3mdv2007.1.i586.rpm 0c5881d9e76e9ae20470a954200465ae 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.i586.rpm 21f665113f11b4b88330b887254023f8 2007.1/i586/apache-mod_ssl-2.2.4-6.3mdv2007.1.i586.rpm 192801a60a254a58b57e2f1377ce42c4 2007.1/i586/apache-mod_userdir-2.2.4-6.3mdv2007.1.i586.rpm 51fc25858a4ee79d2fd2cfe460c90708 2007.1/i586/apache-modules-2.2.4-6.3mdv2007.1.i586.rpm d6256083a3df248847340d3c14ecb9ff 2007.1/i586/apache-mpm-event-2.2.4-6.3mdv2007.1.i586.rpm 1359ad128d2d7a24d9211cf7f0276e15 2007.1/i586/apache-mpm-itk-2.2.4-6.3mdv2007.1.i586.rpm d65ac7009e90022455c79debf48cdbdb 2007.1/i586/apache-mpm-prefork-2.2.4-6.3mdv2007.1.i586.rpm f1d8883b5e633cbb6e3832e7b3c4a4cb 2007.1/i586/apache-mpm-worker-2.2.4-6.3mdv2007.1.i586.rpm 947251a0ac81cb912bc4c900bb80e6e7 
2007.1/i586/apache-source-2.2.4-6.3mdv2007.1.i586.rpm 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 444c86d0a5711e30534400781c0cbcf1 2007.1/x86_64/apache-base-2.2.4-6.3mdv2007.1.x86_64.rpm 02514acbf20766b1486389ce4d3e1ed0 2007.1/x86_64/apache-devel-2.2.4-6.3mdv2007.1.x86_64.rpm f6f4126d5a414d7ca686395173aaa3b4 2007.1/x86_64/apache-htcacheclean-2.2.4-6.3mdv2007.1.x86_64.rpm 1a45be10e44347c913d6493a0d3ad25f 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm 5e6df108e6fb0083ffe96810f41bc9ea 2007.1/x86_64/apache-mod_cache-2.2.4-6.3mdv2007.1.x86_64.rpm 31877eb202cbc9cf0869a3d7bc51b47a 2007.1/x86_64/apache-mod_dav-2.2.4-6.3mdv2007.1.x86_64.rpm 33a4ce4f105fbed60b2cdfc73fd524c6 2007.1/x86_64/apache-mod_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm e093528141ed7cd178ae27743ed4ea69 2007.1/x86_64/apache-mod_deflate-2.2.4-6.3mdv2007.1.x86_64.rpm 697a3930734d4570db3aeadc0aac2032 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.x86_64.rpm c8a20e21d7b07363c8efc8b23078a5e8 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.3mdv2007.1.x86_64.rpm d42e4f3cc5ca6ac006d3e4bb7a750273 2007.1/x86_64/apache-mod_ldap-2.2.4-6.3mdv2007.1.x86_64.rpm e8fc195d18dbb431257dd816bdfa7845 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.x86_64.rpm ce7184cd8abf4aa7c98d47a64133c19f 2007.1/x86_64/apache-mod_proxy-2.2.4-6.3mdv2007.1.x86_64.rpm 98957b99a54cb32d6ba055d5f059b7ec 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.x86_64.rpm 17b824837cf63210790e6201154cb94a 2007.1/x86_64/apache-mod_ssl-2.2.4-6.3mdv2007.1.x86_64.rpm 5a2d9f93603eebdde04f8967a07b063d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.3mdv2007.1.x86_64.rpm 44f0ad99c93ae8905a2d32b799dc1520 2007.1/x86_64/apache-modules-2.2.4-6.3mdv2007.1.x86_64.rpm c5c469771e2f25683ddba3f694e28968 2007.1/x86_64/apache-mpm-event-2.2.4-6.3mdv2007.1.x86_64.rpm b691f2e760bdd30c797e46269842a437 2007.1/x86_64/apache-mpm-itk-2.2.4-6.3mdv2007.1.x86_64.rpm fa3551d06a7af5a31a040f90dd215a1d 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.3mdv2007.1.x86_64.rpm 8d2a09ba2b175cd36bbc0dc6dc4c18ea 
2007.1/x86_64/apache-mpm-worker-2.2.4-6.3mdv2007.1.x86_64.rpm 7037cb86ca137f40364749a0933b432c 2007.1/x86_64/apache-source-2.2.4-6.3mdv2007.1.x86_64.rpm 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm
Corporate 3.0: 5bbdb8ac0d8133c1b09d373cbe35f5ea corporate/3.0/i586/apache2-2.0.48-6.15.C30mdk.i586.rpm e14dfcec88913b5245d683502ff684d1 corporate/3.0/i586/apache2-common-2.0.48-6.15.C30mdk.i586.rpm 642b4136b2e2915db59801888b41d1e6 corporate/3.0/i586/apache2-devel-2.0.48-6.15.C30mdk.i586.rpm c8824d8aa09e4917f9b35b1c659b5181 corporate/3.0/i586/apache2-manual-2.0.48-6.15.C30mdk.i586.rpm 09af9e7945caec7163a12be1a14302ee corporate/3.0/i586/apache2-mod_cache-2.0.48-6.15.C30mdk.i586.rpm 374a782a9211ee321f31a4e716d6bb97 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.15.C30mdk.i586.rpm 88a31c94bc077aa0a91f000b839d4b69 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.15.C30mdk.i586.rpm 8e55a5d1949805b0a6a4f84d571ab4ff corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.i586.rpm 16b573b8a914ab130ac660cce8bddfdb corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.15.C30mdk.i586.rpm 68fdee10fc216a354849a6fc5d89e7cf corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.15.C30mdk.i586.rpm 9e75fe104df971a7a707efb0d6735288 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.i586.rpm 006f66a419a5f81085bc6fd74e4c1235 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.15.C30mdk.i586.rpm f0910407a4042202cec58ebdb74127d3 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.15.C30mdk.i586.rpm 43578ffa09c88aa636c6df329cebe81a corporate/3.0/i586/apache2-modules-2.0.48-6.15.C30mdk.i586.rpm c5c8b21b0bbc8e57f81baa317ccba3f3 corporate/3.0/i586/apache2-source-2.0.48-6.15.C30mdk.i586.rpm f38fcbb77b956304d63d36ad7b003b05 corporate/3.0/i586/libapr0-2.0.48-6.15.C30mdk.i586.rpm aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm
Corporate 3.0/X86_64: 52f3a65b7c0e82d517e66d4b176aa33e corporate/3.0/x86_64/apache2-2.0.48-6.15.C30mdk.x86_64.rpm b54119aca1142e9e9a848cbc18f2a5d0 corporate/3.0/x86_64/apache2-common-2.0.48-6.15.C30mdk.x86_64.rpm e5ac1fdacf86a8214105cc13d3c439aa corporate/3.0/x86_64/apache2-devel-2.0.48-6.15.C30mdk.x86_64.rpm 1bc73ab39962a806585f1c669b8c1f7e corporate/3.0/x86_64/apache2-manual-2.0.48-6.15.C30mdk.x86_64.rpm 87af39a3721856a710383cd51815fbaf corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.15.C30mdk.x86_64.rpm c03c3c1774c1baafaf44a4bb17ca74c6 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.15.C30mdk.x86_64.rpm 0ef802c1187c979d48db6ae4672fb21b corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.15.C30mdk.x86_64.rpm c7d6772332baffc85fd1472e018f5546 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.x86_64.rpm 45965308167632623ff93de397d4041d corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.15.C30mdk.x86_64.rpm 17e2a48cc23d7983351706745c7cd553 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.15.C30mdk.x86_64.rpm 5b047d484852dd9a2000028d8dcfb7e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.x86_64.rpm a5f32074ec310263bc03648b81d44173 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.15.C30mdk.x86_64.rpm 79c4a90fa0ab3bfa8dbe9b12daeff4cd corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.15.C30mdk.x86_64.rpm 15af8e5591d5ff99f5c157a0c01d4174 corporate/3.0/x86_64/apache2-modules-2.0.48-6.15.C30mdk.x86_64.rpm 462316c74fff690d2e98116ddf614d54 corporate/3.0/x86_64/apache2-source-2.0.48-6.15.C30mdk.x86_64.rpm 20553b85bf243e5986af1a3551549ed8 corporate/3.0/x86_64/lib64apr0-2.0.48-6.15.C30mdk.x86_64.rpm aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm
Corporate 4.0: 7d50fe1ac32dec6c4d57dd850950bdb1 corporate/4.0/i586/apache-base-2.2.3-1.2.20060mlcs4.i586.rpm 775785cf1a22f45a64d800fdfcc4a8bc corporate/4.0/i586/apache-devel-2.2.3-1.2.20060mlcs4.i586.rpm 79b64bb1793933f1c8b83e7eee2d4cfa corporate/4.0/i586/apache-htcacheclean-2.2.3-1.2.20060mlcs4.i586.rpm eac03081a34897376d542b7032dd03c2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.i586.rpm 2c223bb1645aadfba8e6d1d6a2c8756c corporate/4.0/i586/apache-mod_cache-2.2.3-1.2.20060mlcs4.i586.rpm e4c4c07473f9644fc146e2f4d9ce95c8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.2.20060mlcs4.i586.rpm 13f85bc068b14e497873c6028520580a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.2.20060mlcs4.i586.rpm aaa52a86e4a6d3e5322fa140edc5535a corporate/4.0/i586/apache-mod_deflate-2.2.3-1.2.20060mlcs4.i586.rpm 574e07826a89f78883f2cfb3ca224e8c corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.i586.rpm 451efb60480fd0680b6c4f955c46ccf4 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.i586.rpm 73fa350b85ea63a5b3f69d8d387474aa corporate/4.0/i586/apache-mod_ldap-2.2.3-1.2.20060mlcs4.i586.rpm d2364f995210cdbbe324df10d49bef98 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.i586.rpm 145b17e675a42bed7b3a8c5ee883cf45 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.2.20060mlcs4.i586.rpm 92b82835be476736295c15954f2a9eb6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.i586.rpm 0dd6c7df0e3ea475b6b2d50ef4aa5ac0 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.2.20060mlcs4.i586.rpm d579208689ec9a72a599bf3510bdf942 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.2.20060mlcs4.i586.rpm 6fd43dfcfc649c8bcd4692ba9ebeee07 corporate/4.0/i586/apache-modules-2.2.3-1.2.20060mlcs4.i586.rpm 9fbf1dde58f17e3f0f29a8c3f1e1b6b6 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.i586.rpm 72f26a52381b68a8bbc6e2fcc9c0ac8c corporate/4.0/i586/apache-mpm-worker-2.2.3-1.2.20060mlcs4.i586.rpm 99a935e7047a27043159b6555d3444c7 
corporate/4.0/i586/apache-source-2.2.3-1.2.20060mlcs4.i586.rpm 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 35a789ac173ed3cc0dda52270a194bad corporate/4.0/x86_64/apache-base-2.2.3-1.2.20060mlcs4.x86_64.rpm e9df753a94dfb136780651ac743e50eb corporate/4.0/x86_64/apache-devel-2.2.3-1.2.20060mlcs4.x86_64.rpm 3964c83541baaf5af0ccc828282a1954 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.2.20060mlcs4.x86_64.rpm 554ea610010d5f361bcc87d75d8d0f6f corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm 051c20e0f062d50a01c51ebad7dcb96d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 59a05bd258ba6b4729238885d2fc0273 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.2.20060mlcs4.x86_64.rpm ceb391b54796f3ea763b81c5085da16c corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm 307726e1c4dfcca90093c19e3d17f504 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.2.20060mlcs4.x86_64.rpm 1500f6520843c6604192e4a621d5b9f1 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm e0ac5eb68e21253d33928fa28f0acb25 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 21c68fdaf26b13ed2177bf458979df1e corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.2.20060mlcs4.x86_64.rpm 28ef0171caf2d11cca8fe4f0bf2473db corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 019893e83acbfb730f79a8eb364ea042 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.2.20060mlcs4.x86_64.rpm 202b1fc0dd2d9364530abbbb13f799b0 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.x86_64.rpm 5cd3084106482b3f01b41cd716c702b8 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.2.20060mlcs4.x86_64.rpm 6a18ec0935144ead6f037f41e852a892 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.2.20060mlcs4.x86_64.rpm 622bb60b53fb48aef1b5a7fc94be3298 corporate/4.0/x86_64/apache-modules-2.2.3-1.2.20060mlcs4.x86_64.rpm f573d1aef5f29f14f8764fce5ea31a1d corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.x86_64.rpm 842d5d6ef1c73fcb0b41b9ff18a75960 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.2.20060mlcs4.x86_64.rpm 
1cae994b8a6fb2d2aa9a803d7bb3178d corporate/4.0/x86_64/apache-source-2.2.3-1.2.20060mlcs4.x86_64.rpm 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0: 463f2a0de557bfcf7ae0655e5381b22f mnf/2.0/i586/apache2-2.0.48-6.16.M20mdk.i586.rpm 56117551a5480c85920263bcefb32c09 mnf/2.0/i586/apache2-common-2.0.48-6.16.M20mdk.i586.rpm c7496b0bb82f802cd8d17819ee1308bc mnf/2.0/i586/apache2-devel-2.0.48-6.16.M20mdk.i586.rpm 6be15ca61d9a7cc4cc4c7e4e55c4ffd1 mnf/2.0/i586/apache2-manual-2.0.48-6.16.M20mdk.i586.rpm 766a15298990769f14e5ad00745b9c7f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.16.M20mdk.i586.rpm 21d7b83f3e1b80874c5c007c6659c470 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.16.M20mdk.i586.rpm 417055a9758a47db50fcd7ec0a7d4047 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.16.M20mdk.i586.rpm 90d4aa462e8edf12c52216fa4eeac6a1 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.16.M20mdk.i586.rpm fbeb5bc02ada67198541cb4e1c2b1b27 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.16.M20mdk.i586.rpm 0f2e617217d9f418182ca89bab9703f0 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.16.M20mdk.i586.rpm 50e9dc2b73be1f0f3a45ca7da1adbcbf mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.16.M20mdk.i586.rpm 8352541a45d2c76ab840ca6f4b070ffb mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.16.M20mdk.i586.rpm 5744f88c6e59f26418f1f3f531f30734 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.16.M20mdk.i586.rpm 874dc6a00a02630401f7efeadc93935e mnf/2.0/i586/apache2-modules-2.0.48-6.16.M20mdk.i586.rpm efbd0f5ac6f292474d29f83d36bf86eb mnf/2.0/i586/apache2-source-2.0.48-6.16.M20mdk.i586.rpm 15bd1fcd65bd487b6fd5bba0a8ec530d mnf/2.0/i586/libapr0-2.0.48-6.16.M20mdk.i586.rpm 0e6b7bac08407b02457479763d27e885 mnf/2.0/SRPMS/apache2-2.0.48-6.16.M20mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01756421 Version: 1
HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-06-29 Last Updated: 2009-06-25
Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code.
References: CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.03 or v2.0.59.09 or earlier or Tomcat-based Servlet Engine v5.5.27.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.0.59.09 or earlier or Tomcat-based Servlet Engine v5.5.27.01 or earlier
BACKGROUND
=============================================== Reference Base Vector Base Score CVE-nnnn-nnnn (AV:x/AC:x/Au:x/C:x/I:x/A:x) x.x =============================================== CVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 ===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Web Server v3.05 HP-UX B.11.23 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.8.04 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.8.04 or subsequent URL: http://software.hp.com
Web Server v2.25 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE .WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 29 June 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
© Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[Apache2 Undefined Charset UTF-7 XSS Vulnerability ]
Author: SecurityReason Maksymilian Arciemowicz (cXIb8O3)
Date: - - Written: 08.08.2007 - - Public: 11.09.2007
SecurityReason Research SecurityAlert Id: 46
CVE: CVE-2007-4465 SecurityRisk: Low
Affected Software: Apache 2.x (mod_autoindex) Advisory URL: http://securityreason.com/achievement_securityalert/46 Vendor: http://httpd.apache.org
- --- 0.Description ---
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined.
- --- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability ---
The XSS (UTF-7) exists in mod_autoindex.c. The charset is not defined, so an XSS attack is possible through the "P" option available in Apache 2.2.4 when the charset is set to UTF-7.
"P=pattern lists only files matching the given pattern"
More : http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html
- -Source code from mod_autoindex.c--------------
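/*
 * Excerpt from mod_autoindex.c: selects the Content-Type sent with a
 * generated directory index. The preprocessor conditional picks exactly one
 * of the two calls at build time, depending on APR_HAS_UNICODE_FS.
 */
#if APR_HAS_UNICODE_FS
    /* The charset is declared explicitly, so the client is told the encoding. */
    ap_set_content_type(r, "text/html;charset=utf-8");
#else
    /*
     * No charset parameter is sent on this path. The advisory ties
     * CVE-2007-4465 to this missing declaration: the client is left to
     * choose an encoding for a page that also echoes request input. The
     * quoted 2.2.6 changelog adds Type and Charset options to IndexOptions
     * so an administrator can set the charset explicitly.
     */
    ap_set_content_type(r, "text/html");
#endif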
- -Source code from mod_autoindex.c--------------
If APR_HAS_UNICODE_FS is set to 1, the charset is defined; this is the case on Windows systems. On Unix and Linux systems, however, the charset is not defined.
- --- EXAMPLE 1 ---
telnet localhost 80
Trying 127.0.0.1... Connected to localhost. Escape character is '^]'
GET /icons/ http/1.1 Host: localhost Content-type: text/html Keep-Alive: 300 Connection: keep-alive
HTTP/1.1 200 OK Date: Thu, 09 Aug 2007 01:01:48 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html
Index of /icons
... - --- EXAMPLE 1 --- - --- EXAMPLE 2 --- # telnet httpd.apache.org 80 Trying 140.211.11.130... Connected to httpd.apache.org. Escape character is '^]'. GET /icons/ http/1.1 Host: httpd.apache.org Content-type: text/html Keep-Alive: 300 Connection: keep-alive HTTP/1.1 200 OK Date: Wed, 08 Aug 2007 23:06:26 GMT Server: Apache/2.3.0-dev (Unix) Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/htmlIndex of /icons
... - --- EXAMPLE 2 --- Any request to folder /icons don't give charset in main header and in section. In requests like 400 404 etc charset is defined (standard UTF8). For example : - --- EXAMPLE 3 (400) --- # telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET /%0 HTTP/1.1 Host: localhost HTTP/1.1 400 Bad Request Date: Thu, 09 Aug 2007 13:13:32 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ... - --- EXAMPLE 3 --- - --- EXAMPLE 4 (404) --- # telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET /noex HTTP/1.1 Host: localhost HTTP/1.1 404 Not Found Date: Thu, 09 Aug 2007 13:14:48 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ... - --- EXAMPLE 4 --- Any request from family 4xx is defined with charset. Because it is possible put the text to site (like wrong patch) in 404. Main idea was that, anybody can't put any text to this site with folder. And it was good idea, but in apache 2.x exist option "P". Like: http://localhost/icons/?P=[Filter] Any value gived to this variable is displayed in html text. For example : http://localhost/icons/?P=Hallo - --- HTML --------Name - ----------------- - --- 2. Exploit --- SecurityReason is not going to release a exploit to the general public. Exploit was provided and tested for Apache Team . - --- 3. How to fix --- Update to Apache 2.2.6 http://www.apache.org/dist/httpd/CHANGES_2.2.6 - --- mod_autoindex: Add in Type and Charset options to IndexOptions directive. This allows the admin to explicitly set the content-type and charset of the generated page and is therefore a viable workaround for buggy browsers affected by CVE-2007-4465 (cve.mitre.org). [Jim Jagielski] - --- - --- 4. 
Greets --- For: sp3x, Infospec, p_e_a - --- 5. Contact --- Author: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ] Email: cxib [at] securityreason [dot] com GPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg http://securityreason.com http://securityreason.pl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (OpenBSD) iD8DBQFG6F0A3Ke13X/fTO4RAg49AJ9ZYTCR02BWOxInIA0qybXBagnu4wCdFvlo MGWmxpeZzSTbVKnHIP5M+2o= =BrVf -----END PGP SIGNATURE----- Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200709-0495", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "server", "scope": "eq", "trust": 1.1, "vendor": "turbolinux", "version": "11" }, { "model": "personal", "scope": null, "trust": 1.1, "vendor": "turbolinux", "version": null }, { "model": "appliance server", "scope": "eq", "trust": 1.1, "vendor": "turbolinux", "version": "2.0" }, { 
"model": "multimedia", "scope": null, "trust": 1.1, "vendor": "turbolinux", "version": null }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.6" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.0.61" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.0.60" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.2.5" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business 
application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard l p", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard l p", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard l p", "version": "11.31" }, { "model": "web server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", 
"version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "linux advanced workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "1.0 (hosting)" }, { "model": "appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "1.0 (workgroup)" }, { "model": "fuji", "scope": null, "trust": 0.8, "vendor": "turbolinux", "version": null }, { "model": "server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "10" }, { "model": "server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "10 (x64)" }, { "model": "server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "11 (x64)" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.40" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.45" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.41" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.2" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.3" 
}, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.42" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.44" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.43" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.1" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "fedora core7", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.49" }, { "model": "2.2.5-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.35" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", 
"version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "11x64" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "-dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.56" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.39" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.32" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.2" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": 
"4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "appliance server hosting edition", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "1.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.51" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "advanced workstation for the itanium processor", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "novell linux desktop sdk", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "red hat network 
satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "application stack", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v20" }, { "model": "enterprise linux ws ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "messaging storage server mm3.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.43" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.55" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.7" }, { "model": "linux 
personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.37" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "linux professional oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "fuji", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux personal oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": 
"3.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "application stack for enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v14" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "appliance server workgroup edition", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "1.0" }, { "model": "advanced workstation for the itanium processor ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.38" }, { "model": "interstage application server plus", "scope": "eq", 
"trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "2.0.61-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.44" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "enterprise linux as ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.40" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "application stack for enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v14" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", 
"version": "4.1" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "message networking mn", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "fedora core6", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "a9", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" 
}, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.58" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.54" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.42" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "apache", "scope": "eq", 
"trust": 0.3, "vendor": "apache", "version": "2.0.36" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.41" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "2.0.60-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0.0x64" }, { "model": "enterprise linux es ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" } ], "sources": [ { "db": "BID", "id": "25653" }, { "db": "JVNDB", "id": "JVNDB-2007-001022" }, { "db": "CNNVD", "id": "CNNVD-200709-166" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ 
{ "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001022" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Maksymilian Arciemowicz is credited with the discovery of this vulnerability.", "sources": [ { "db": "CNNVD", "id": "CNNVD-200709-166" } ], "trust": 0.6 }, "cve": "CVE-2007-4465", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2007-4465", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-4465", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2007-4465", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200709-166", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2007-4465", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "JVNDB", "id": "JVNDB-2007-001022" }, { "db": "CNNVD", "id": "CNNVD-200709-166" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "description": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages. \nWeb pages generated by the affected source code may be prone to a cross-site scripting issue. \nVersions prior to Apache 2.2.6 are affected. \nNOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems. =========================================================== \nUbuntu Security Notice USN-575-1 February 04, 2008\napache2 vulnerabilities\nCVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000,\nCVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\nUbuntu 7.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. 
\n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-mpm-perchild 2.0.55-4ubuntu2.3\n apache2-mpm-prefork 2.0.55-4ubuntu2.3\n apache2-mpm-worker 2.0.55-4ubuntu2.3\n\nUbuntu 6.10:\n apache2-mpm-perchild 2.0.55-4ubuntu4.2\n apache2-mpm-prefork 2.0.55-4ubuntu4.2\n apache2-mpm-worker 2.0.55-4ubuntu4.2\n\nUbuntu 7.04:\n apache2-mpm-event 2.2.3-3.2ubuntu2.1\n apache2-mpm-perchild 2.2.3-3.2ubuntu2.1\n apache2-mpm-prefork 2.2.3-3.2ubuntu2.1\n apache2-mpm-worker 2.2.3-3.2ubuntu2.1\n\nUbuntu 7.10:\n apache2-mpm-event 2.2.4-3ubuntu0.1\n apache2-mpm-perchild 2.2.4-3ubuntu0.1\n apache2-mpm-prefork 2.2.4-3ubuntu0.1\n apache2-mpm-worker 2.2.4-3ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that Apache did not sanitize the Expect header from\nan HTTP request when it is reflected back in an error message, which\ncould result in browsers becoming vulnerable to cross-site scripting\nattacks when processing the output. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data (such as passwords),\nwithin the same domain. This was only vulnerable in Ubuntu 6.06. \n(CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a\nthreaded MPM, Apache did not properly sanitize its input. A remote\nattacker could send Apache crafted date headers and cause a denial of\nservice via application crash. By default, mod_proxy is disabled in\nUbuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. 
(CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a\ncharacter set, which could result in browsers becoming vulnerable\nto cross-site scripting attacks when processing the output. By\ndefault, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status, when status pages were available,\nallowed for cross-site scripting attacks. By default, mod_status is\ndisabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_balancer is disabled in Ubuntu. This was only vulnerable\nin Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to\ndereference a NULL pointer. By\ndefault, mod_proxy_balancer is disabled in Ubuntu. This was only\nvulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_ftp is disabled in Ubuntu. 
(CVE-2008-0005)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz\n Size/MD5: 121305 10359a467847b63f8d6603081450fece\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc\n Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb\n Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 171402 3b7567107864cf36953e7911a4851738\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 172186 85a591ea061cbc727fc261b046781502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 94240 b80027348754c493312269f7410b38fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 285664 76f4879738a0a788414316581ac2010b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 144250 3cd8327429958569a306257da57e8be0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 786052 7bdddb451607eeb2abb9706641675397\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 215932 bee4a6e00371117203647fd3a311658a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 219800 aaf4968deba24912e4981f35a367a086\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb\n 
Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 93282 1ae6def788c74750d79055784c0d8006\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 267832 96c149638daeb993250b18c9f4285abf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz\n Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc\n Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb\n Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 145340 109c93408c5197be50960cce80c23b7c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209552 
8a23207211e54b138d5a87c15c097908\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 171636 07616e459905bad152a8669c8f670436\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 222022 e37ef7d710800e568d838242d3129725\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 208354 0a571678c269d1da06787dac56567f1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212052 90754ccdcd95e652413426376078d223\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 268776 
5b157a4dd55f533a610bc6c111e9d414\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz\n Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc\n Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 971426 30db1106dfea5106da54d2287c02a380\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 403974 65a11cfaee921517445cf74ed04df701\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434308 2073137bb138dc52bbace666714f4e14\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 343774 880faca3543426734431c29de77c3048\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz\n Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc\n Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz\n Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 278032 4f8270cff0a532bd059741b366047da9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 347444 
63413a914cb4546704032ab8f7f16a80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 435354 f3557e1a87154424e9144cf672110e93\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8\n\n. Likewise, a similar crash\n could occur on sites with a forward proxy configured if a user could\n be persuaded to visit a malicious site using the proxy (CVE-2007-3847). \n \n A flaw in the Apache mod_autoindex module was found. 
On sites where\n directory listings are used and the AddDefaultCharset directive was\n removed from the configuration, a cross-site-scripting attack could\n be possible against browsers that do not correctly derive the response\n character set according to the rules in RFC 2616 (CVE-2007-4465). \n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 9bb73822e8ae92ba87aa8baa21d467d1 2007.0/i586/apache-base-2.2.3-1.2mdv2007.0.i586.rpm\n 1949631d7fc0f87c91ba5dd9e738e036 2007.0/i586/apache-devel-2.2.3-1.2mdv2007.0.i586.rpm\n 3fed692d7b2eefe64bdd5f557fb0d838 2007.0/i586/apache-htcacheclean-2.2.3-1.2mdv2007.0.i586.rpm\n 86b32442b40c9e8ee9ba4bc1def61157 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.i586.rpm\n a6ca98077bee65a270a7777f6a3f3b60 2007.0/i586/apache-mod_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 3bf50ab09740de6e718dc38e5320a3f7 2007.0/i586/apache-mod_dav-2.2.3-1.2mdv2007.0.i586.rpm\n 11e3dde4beab554a1523261979852fee 2007.0/i586/apache-mod_dbd-2.2.3-1.2mdv2007.0.i586.rpm\n 993926a12a2b5192059961a8bcbf4e2c 2007.0/i586/apache-mod_deflate-2.2.3-1.2mdv2007.0.i586.rpm\n 8553d309d0b537732375fbf0ab6c3187 2007.0/i586/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 83a1fce76091ea660989b5b310d545ab 2007.0/i586/apache-mod_file_cache-2.2.3-1.2mdv2007.0.i586.rpm\n c7799b98922ee0e2f5bd114a3b2f3816 2007.0/i586/apache-mod_ldap-2.2.3-1.2mdv2007.0.i586.rpm\n b3e79d78c26282b39322910be91cd410 2007.0/i586/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 6c72e3c58cb10447304328c2f863651a 2007.0/i586/apache-mod_proxy-2.2.3-1.2mdv2007.0.i586.rpm\n a6d09de71a6b7bf7bb1cafc187777be7 
2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.i586.rpm\n 05eee18af88226fb76766a9b88d843a8 2007.0/i586/apache-mod_ssl-2.2.3-1.2mdv2007.0.i586.rpm\n c499609426acef2255940cab04a28b5c 2007.0/i586/apache-mod_userdir-2.2.3-1.2mdv2007.0.i586.rpm\n bcd0563b948d8958de5a8da12e5ecd85 2007.0/i586/apache-modules-2.2.3-1.2mdv2007.0.i586.rpm\n 5c4777a2db7fd28b233d1bcc1d570a70 2007.0/i586/apache-mpm-prefork-2.2.3-1.2mdv2007.0.i586.rpm\n fa38945281388cfd4d37d2f98187a0b0 2007.0/i586/apache-mpm-worker-2.2.3-1.2mdv2007.0.i586.rpm\n 30e14fac38a58a8ab4bf59a6ecb59f9a 2007.0/i586/apache-source-2.2.3-1.2mdv2007.0.i586.rpm \n 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 3301ff7aa05c7cb14eecfc82d1d7fe33 2007.0/x86_64/apache-base-2.2.3-1.2mdv2007.0.x86_64.rpm\n f0f6cc2cc841959558ab0222d975a9cc 2007.0/x86_64/apache-devel-2.2.3-1.2mdv2007.0.x86_64.rpm\n 7bf4dbf62cd08717fc3704798d0c839d 2007.0/x86_64/apache-htcacheclean-2.2.3-1.2mdv2007.0.x86_64.rpm\n ecb3772fac317f54303d1d67c2b1c7a2 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm\n c6cb91541e0f7a24b337da09ee7eb248 2007.0/x86_64/apache-mod_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n f39c5879ff62c5d8dcc41ae73d1ca0cd 2007.0/x86_64/apache-mod_dav-2.2.3-1.2mdv2007.0.x86_64.rpm\n 562dc2a4e6246fa7dde9986af40ec847 2007.0/x86_64/apache-mod_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm\n 7be58654d28b2fc0207c3e44370cd118 2007.0/x86_64/apache-mod_deflate-2.2.3-1.2mdv2007.0.x86_64.rpm\n 6e4314853613d0d9fdd048c8ee96a510 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n 5fd5dc78b84bb5579291d27f626cb660 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n d5eecb080611220807820106c24b1e22 2007.0/x86_64/apache-mod_ldap-2.2.3-1.2mdv2007.0.x86_64.rpm\n bed61f6dcb6311d99fb97225a0b48849 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n f0d3bb15ba884824380ef1cf0bd129b8 2007.0/x86_64/apache-mod_proxy-2.2.3-1.2mdv2007.0.x86_64.rpm\n 
8f8969581110089a51cf506b8566315e 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.x86_64.rpm\n 1a40d73c8fbbae8868f09ef947407dad 2007.0/x86_64/apache-mod_ssl-2.2.3-1.2mdv2007.0.x86_64.rpm\n 0cd432c837a9ba4795bda96b1d3cc98c 2007.0/x86_64/apache-mod_userdir-2.2.3-1.2mdv2007.0.x86_64.rpm\n f05d88bc8f9c163ca787c30e7bd84e52 2007.0/x86_64/apache-modules-2.2.3-1.2mdv2007.0.x86_64.rpm\n f5431063918c470fa1ccd6e23db4c70d 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.2mdv2007.0.x86_64.rpm\n 0db10b3a236c2f59a93eb2bc6ee6c35d 2007.0/x86_64/apache-mpm-worker-2.2.3-1.2mdv2007.0.x86_64.rpm\n 71f52e6e3afba9d1d923cc64291eb98f 2007.0/x86_64/apache-source-2.2.3-1.2mdv2007.0.x86_64.rpm \n 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n e443a21ce0b058aede2aaf82d12d22f7 2007.1/i586/apache-base-2.2.4-6.3mdv2007.1.i586.rpm\n 6d17234fb69995d52c012bb22f52bab3 2007.1/i586/apache-devel-2.2.4-6.3mdv2007.1.i586.rpm\n 6a44621592a2320b6d0e9549eceea6a9 2007.1/i586/apache-htcacheclean-2.2.4-6.3mdv2007.1.i586.rpm\n d0405211b42d562933cd2f802a4276bc 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.i586.rpm\n 3fd09fafa06eb4e08ad975f9972f28f8 2007.1/i586/apache-mod_cache-2.2.4-6.3mdv2007.1.i586.rpm\n d61498465662a9c4a7f77f2dcc9438a7 2007.1/i586/apache-mod_dav-2.2.4-6.3mdv2007.1.i586.rpm\n fbb6c3ccfd793a8f2b9889ed399d5aad 2007.1/i586/apache-mod_dbd-2.2.4-6.3mdv2007.1.i586.rpm\n 0e67be9eaacb5f8686acdd95d26b8b47 2007.1/i586/apache-mod_deflate-2.2.4-6.3mdv2007.1.i586.rpm\n f1a050f23e3bc518b8aecd3c6cd5fd91 2007.1/i586/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.i586.rpm\n d95079c4a7627fe47d529dbe99549023 2007.1/i586/apache-mod_file_cache-2.2.4-6.3mdv2007.1.i586.rpm\n b24dcaec7dc26c107ff0962d46c7b3a1 2007.1/i586/apache-mod_ldap-2.2.4-6.3mdv2007.1.i586.rpm\n 98e97b3bd11ca7939aef2bae47c2c497 2007.1/i586/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.i586.rpm\n bffefef1346635e79f04d0ae56169ab1 2007.1/i586/apache-mod_proxy-2.2.4-6.3mdv2007.1.i586.rpm\n 
0c5881d9e76e9ae20470a954200465ae 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.i586.rpm\n 21f665113f11b4b88330b887254023f8 2007.1/i586/apache-mod_ssl-2.2.4-6.3mdv2007.1.i586.rpm\n 192801a60a254a58b57e2f1377ce42c4 2007.1/i586/apache-mod_userdir-2.2.4-6.3mdv2007.1.i586.rpm\n 51fc25858a4ee79d2fd2cfe460c90708 2007.1/i586/apache-modules-2.2.4-6.3mdv2007.1.i586.rpm\n d6256083a3df248847340d3c14ecb9ff 2007.1/i586/apache-mpm-event-2.2.4-6.3mdv2007.1.i586.rpm\n 1359ad128d2d7a24d9211cf7f0276e15 2007.1/i586/apache-mpm-itk-2.2.4-6.3mdv2007.1.i586.rpm\n d65ac7009e90022455c79debf48cdbdb 2007.1/i586/apache-mpm-prefork-2.2.4-6.3mdv2007.1.i586.rpm\n f1d8883b5e633cbb6e3832e7b3c4a4cb 2007.1/i586/apache-mpm-worker-2.2.4-6.3mdv2007.1.i586.rpm\n 947251a0ac81cb912bc4c900bb80e6e7 2007.1/i586/apache-source-2.2.4-6.3mdv2007.1.i586.rpm \n 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 444c86d0a5711e30534400781c0cbcf1 2007.1/x86_64/apache-base-2.2.4-6.3mdv2007.1.x86_64.rpm\n 02514acbf20766b1486389ce4d3e1ed0 2007.1/x86_64/apache-devel-2.2.4-6.3mdv2007.1.x86_64.rpm\n f6f4126d5a414d7ca686395173aaa3b4 2007.1/x86_64/apache-htcacheclean-2.2.4-6.3mdv2007.1.x86_64.rpm\n 1a45be10e44347c913d6493a0d3ad25f 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm\n 5e6df108e6fb0083ffe96810f41bc9ea 2007.1/x86_64/apache-mod_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n 31877eb202cbc9cf0869a3d7bc51b47a 2007.1/x86_64/apache-mod_dav-2.2.4-6.3mdv2007.1.x86_64.rpm\n 33a4ce4f105fbed60b2cdfc73fd524c6 2007.1/x86_64/apache-mod_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm\n e093528141ed7cd178ae27743ed4ea69 2007.1/x86_64/apache-mod_deflate-2.2.4-6.3mdv2007.1.x86_64.rpm\n 697a3930734d4570db3aeadc0aac2032 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n c8a20e21d7b07363c8efc8b23078a5e8 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n d42e4f3cc5ca6ac006d3e4bb7a750273 
2007.1/x86_64/apache-mod_ldap-2.2.4-6.3mdv2007.1.x86_64.rpm\n e8fc195d18dbb431257dd816bdfa7845 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n ce7184cd8abf4aa7c98d47a64133c19f 2007.1/x86_64/apache-mod_proxy-2.2.4-6.3mdv2007.1.x86_64.rpm\n 98957b99a54cb32d6ba055d5f059b7ec 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.x86_64.rpm\n 17b824837cf63210790e6201154cb94a 2007.1/x86_64/apache-mod_ssl-2.2.4-6.3mdv2007.1.x86_64.rpm\n 5a2d9f93603eebdde04f8967a07b063d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.3mdv2007.1.x86_64.rpm\n 44f0ad99c93ae8905a2d32b799dc1520 2007.1/x86_64/apache-modules-2.2.4-6.3mdv2007.1.x86_64.rpm\n c5c469771e2f25683ddba3f694e28968 2007.1/x86_64/apache-mpm-event-2.2.4-6.3mdv2007.1.x86_64.rpm\n b691f2e760bdd30c797e46269842a437 2007.1/x86_64/apache-mpm-itk-2.2.4-6.3mdv2007.1.x86_64.rpm\n fa3551d06a7af5a31a040f90dd215a1d 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.3mdv2007.1.x86_64.rpm\n 8d2a09ba2b175cd36bbc0dc6dc4c18ea 2007.1/x86_64/apache-mpm-worker-2.2.4-6.3mdv2007.1.x86_64.rpm\n 7037cb86ca137f40364749a0933b432c 2007.1/x86_64/apache-source-2.2.4-6.3mdv2007.1.x86_64.rpm \n 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm\n\n Corporate 3.0:\n 5bbdb8ac0d8133c1b09d373cbe35f5ea corporate/3.0/i586/apache2-2.0.48-6.15.C30mdk.i586.rpm\n e14dfcec88913b5245d683502ff684d1 corporate/3.0/i586/apache2-common-2.0.48-6.15.C30mdk.i586.rpm\n 642b4136b2e2915db59801888b41d1e6 corporate/3.0/i586/apache2-devel-2.0.48-6.15.C30mdk.i586.rpm\n c8824d8aa09e4917f9b35b1c659b5181 corporate/3.0/i586/apache2-manual-2.0.48-6.15.C30mdk.i586.rpm\n 09af9e7945caec7163a12be1a14302ee corporate/3.0/i586/apache2-mod_cache-2.0.48-6.15.C30mdk.i586.rpm\n 374a782a9211ee321f31a4e716d6bb97 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.15.C30mdk.i586.rpm\n 88a31c94bc077aa0a91f000b839d4b69 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.15.C30mdk.i586.rpm\n 8e55a5d1949805b0a6a4f84d571ab4ff 
corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.i586.rpm\n 16b573b8a914ab130ac660cce8bddfdb corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.15.C30mdk.i586.rpm\n 68fdee10fc216a354849a6fc5d89e7cf corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.15.C30mdk.i586.rpm\n 9e75fe104df971a7a707efb0d6735288 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.i586.rpm\n 006f66a419a5f81085bc6fd74e4c1235 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.15.C30mdk.i586.rpm\n f0910407a4042202cec58ebdb74127d3 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.15.C30mdk.i586.rpm\n 43578ffa09c88aa636c6df329cebe81a corporate/3.0/i586/apache2-modules-2.0.48-6.15.C30mdk.i586.rpm\n c5c8b21b0bbc8e57f81baa317ccba3f3 corporate/3.0/i586/apache2-source-2.0.48-6.15.C30mdk.i586.rpm\n f38fcbb77b956304d63d36ad7b003b05 corporate/3.0/i586/libapr0-2.0.48-6.15.C30mdk.i586.rpm \n aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52f3a65b7c0e82d517e66d4b176aa33e corporate/3.0/x86_64/apache2-2.0.48-6.15.C30mdk.x86_64.rpm\n b54119aca1142e9e9a848cbc18f2a5d0 corporate/3.0/x86_64/apache2-common-2.0.48-6.15.C30mdk.x86_64.rpm\n e5ac1fdacf86a8214105cc13d3c439aa corporate/3.0/x86_64/apache2-devel-2.0.48-6.15.C30mdk.x86_64.rpm\n 1bc73ab39962a806585f1c669b8c1f7e corporate/3.0/x86_64/apache2-manual-2.0.48-6.15.C30mdk.x86_64.rpm\n 87af39a3721856a710383cd51815fbaf corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n c03c3c1774c1baafaf44a4bb17ca74c6 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.15.C30mdk.x86_64.rpm\n 0ef802c1187c979d48db6ae4672fb21b corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.15.C30mdk.x86_64.rpm\n c7d6772332baffc85fd1472e018f5546 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n 45965308167632623ff93de397d4041d corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n 17e2a48cc23d7983351706745c7cd553 
corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.15.C30mdk.x86_64.rpm\n 5b047d484852dd9a2000028d8dcfb7e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n a5f32074ec310263bc03648b81d44173 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.15.C30mdk.x86_64.rpm\n 79c4a90fa0ab3bfa8dbe9b12daeff4cd corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.15.C30mdk.x86_64.rpm\n 15af8e5591d5ff99f5c157a0c01d4174 corporate/3.0/x86_64/apache2-modules-2.0.48-6.15.C30mdk.x86_64.rpm\n 462316c74fff690d2e98116ddf614d54 corporate/3.0/x86_64/apache2-source-2.0.48-6.15.C30mdk.x86_64.rpm\n 20553b85bf243e5986af1a3551549ed8 corporate/3.0/x86_64/lib64apr0-2.0.48-6.15.C30mdk.x86_64.rpm \n aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm\n\n Corporate 4.0:\n 7d50fe1ac32dec6c4d57dd850950bdb1 corporate/4.0/i586/apache-base-2.2.3-1.2.20060mlcs4.i586.rpm\n 775785cf1a22f45a64d800fdfcc4a8bc corporate/4.0/i586/apache-devel-2.2.3-1.2.20060mlcs4.i586.rpm\n 79b64bb1793933f1c8b83e7eee2d4cfa corporate/4.0/i586/apache-htcacheclean-2.2.3-1.2.20060mlcs4.i586.rpm\n eac03081a34897376d542b7032dd03c2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.i586.rpm\n 2c223bb1645aadfba8e6d1d6a2c8756c corporate/4.0/i586/apache-mod_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n e4c4c07473f9644fc146e2f4d9ce95c8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.2.20060mlcs4.i586.rpm\n 13f85bc068b14e497873c6028520580a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.2.20060mlcs4.i586.rpm\n aaa52a86e4a6d3e5322fa140edc5535a corporate/4.0/i586/apache-mod_deflate-2.2.3-1.2.20060mlcs4.i586.rpm\n 574e07826a89f78883f2cfb3ca224e8c corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 451efb60480fd0680b6c4f955c46ccf4 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 73fa350b85ea63a5b3f69d8d387474aa corporate/4.0/i586/apache-mod_ldap-2.2.3-1.2.20060mlcs4.i586.rpm\n d2364f995210cdbbe324df10d49bef98 
corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 145b17e675a42bed7b3a8c5ee883cf45 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.2.20060mlcs4.i586.rpm\n 92b82835be476736295c15954f2a9eb6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.i586.rpm\n 0dd6c7df0e3ea475b6b2d50ef4aa5ac0 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.2.20060mlcs4.i586.rpm\n d579208689ec9a72a599bf3510bdf942 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.2.20060mlcs4.i586.rpm\n 6fd43dfcfc649c8bcd4692ba9ebeee07 corporate/4.0/i586/apache-modules-2.2.3-1.2.20060mlcs4.i586.rpm\n 9fbf1dde58f17e3f0f29a8c3f1e1b6b6 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.i586.rpm\n 72f26a52381b68a8bbc6e2fcc9c0ac8c corporate/4.0/i586/apache-mpm-worker-2.2.3-1.2.20060mlcs4.i586.rpm\n 99a935e7047a27043159b6555d3444c7 corporate/4.0/i586/apache-source-2.2.3-1.2.20060mlcs4.i586.rpm \n 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 35a789ac173ed3cc0dda52270a194bad corporate/4.0/x86_64/apache-base-2.2.3-1.2.20060mlcs4.x86_64.rpm\n e9df753a94dfb136780651ac743e50eb corporate/4.0/x86_64/apache-devel-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 3964c83541baaf5af0ccc828282a1954 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 554ea610010d5f361bcc87d75d8d0f6f corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 051c20e0f062d50a01c51ebad7dcb96d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 59a05bd258ba6b4729238885d2fc0273 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.2.20060mlcs4.x86_64.rpm\n ceb391b54796f3ea763b81c5085da16c corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 307726e1c4dfcca90093c19e3d17f504 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 1500f6520843c6604192e4a621d5b9f1 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n e0ac5eb68e21253d33928fa28f0acb25 
corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 21c68fdaf26b13ed2177bf458979df1e corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 28ef0171caf2d11cca8fe4f0bf2473db corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 019893e83acbfb730f79a8eb364ea042 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 202b1fc0dd2d9364530abbbb13f799b0 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 5cd3084106482b3f01b41cd716c702b8 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 6a18ec0935144ead6f037f41e852a892 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 622bb60b53fb48aef1b5a7fc94be3298 corporate/4.0/x86_64/apache-modules-2.2.3-1.2.20060mlcs4.x86_64.rpm\n f573d1aef5f29f14f8764fce5ea31a1d corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 842d5d6ef1c73fcb0b41b9ff18a75960 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 1cae994b8a6fb2d2aa9a803d7bb3178d corporate/4.0/x86_64/apache-source-2.2.3-1.2.20060mlcs4.x86_64.rpm \n 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 463f2a0de557bfcf7ae0655e5381b22f mnf/2.0/i586/apache2-2.0.48-6.16.M20mdk.i586.rpm\n 56117551a5480c85920263bcefb32c09 mnf/2.0/i586/apache2-common-2.0.48-6.16.M20mdk.i586.rpm\n c7496b0bb82f802cd8d17819ee1308bc mnf/2.0/i586/apache2-devel-2.0.48-6.16.M20mdk.i586.rpm\n 6be15ca61d9a7cc4cc4c7e4e55c4ffd1 mnf/2.0/i586/apache2-manual-2.0.48-6.16.M20mdk.i586.rpm\n 766a15298990769f14e5ad00745b9c7f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.16.M20mdk.i586.rpm\n 21d7b83f3e1b80874c5c007c6659c470 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.16.M20mdk.i586.rpm\n 417055a9758a47db50fcd7ec0a7d4047 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.16.M20mdk.i586.rpm\n 90d4aa462e8edf12c52216fa4eeac6a1 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.16.M20mdk.i586.rpm\n 
fbeb5bc02ada67198541cb4e1c2b1b27 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.16.M20mdk.i586.rpm\n 0f2e617217d9f418182ca89bab9703f0 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.16.M20mdk.i586.rpm\n 50e9dc2b73be1f0f3a45ca7da1adbcbf mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.16.M20mdk.i586.rpm\n 8352541a45d2c76ab840ca6f4b070ffb mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.16.M20mdk.i586.rpm\n 5744f88c6e59f26418f1f3f531f30734 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.16.M20mdk.i586.rpm\n 874dc6a00a02630401f7efeadc93935e mnf/2.0/i586/apache2-modules-2.0.48-6.16.M20mdk.i586.rpm\n efbd0f5ac6f292474d29f83d36bf86eb mnf/2.0/i586/apache2-source-2.0.48-6.16.M20mdk.i586.rpm\n 15bd1fcd65bd487b6fd5bba0a8ec530d mnf/2.0/i586/libapr0-2.0.48-6.16.M20mdk.i586.rpm \n 0e6b7bac08407b02457479763d27e885 mnf/2.0/SRPMS/apache2-2.0.48-6.16.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01756421\nVersion: 1\n\nHPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-06-29\nLast Updated: 2009-06-25\n\nPotential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. 
The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. \n\nReferences: CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.03 or v2.0.59.09 or earlier or Tomcat-based Servlet Engine v5.5.27.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.0.59.09 or earlier or Tomcat-based Servlet Engine v5.5.27.01 or earlier \n\nBACKGROUND\n\n===============================================\nReference Base Vector Base Score \nCVE-nnnn-nnnn (AV:x/AC:x/Au:x/C:x/I:x/A:x) x.x\n===============================================\nCVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 \nCVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 \nCVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 \nCVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 \nCVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \nCVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 \nCVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 \nCVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 \nCVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 \nCVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 \nCVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 \nCVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 \nCVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \nCVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \nCVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \n===============================================\n\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n\nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. HP-UX Software Assistant analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. 
For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nFor Web Server v3.05 \nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \naction: install revision B.2.2.8.04 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \naction: install revision B.2.2.8.04 or subsequent \nURL: http://software.hp.com \n\nWeb Server v2.25 \nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \naction: install revision B.2.0.59.10 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxwsAPCH32.APACHE \nhpuxwsAPCH32.APACHE2 \nhpuxwsAPCH32.AUTH_LDAP \nhpuxwsAPCH32.AUTH_LDAP2 \nhpuxwsAPCH32.MOD_JK \nhpuxwsAPCH32.MOD_JK2 \nhpuxwsAPCH32.MOD_PERL \nhpuxwsAPCH32.MOD_PERL2 \nhpuxwsAPCH32.PHP \nhpuxwsAPCH32.PHP2 \nhpuxwsAPCH32.WEBPROXY \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 
\nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \naction: install revision B.2.0.59.10 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxwsAPCH32.APACHE \nhpuxwsAPCH32.APACHE2 \nhpuxwsAPCH32.AUTH_LDAP \nhpuxwsAPCH32.AUTH_LDAP2 \nhpuxwsAPCH32.MOD_JK \nhpuxwsAPCH32.MOD_JK2 \nhpuxwsAPCH32.MOD_PERL \nhpuxwsAPCH32.MOD_PERL2 \nhpuxwsAPCH32.PHP \nhpuxwsAPCH32.PHP2 \nhpuxwsAPCH32.WEBPROXY \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \naction: install revision B.2.0.59.10 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 29 June 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n -check ALL categories for which alerts are required and continue. 
\nUnder Step2: your ITRC operating systems \n -verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW \nMA = HP Management Agents \nMI = Misc. 3rd Party SW \nMP = HP MPE/iX \nNS = HP NonStop Servers \nOV = HP OpenVMS \nPI = HP Printing \u0026 Imaging \nST = HP Storage SW \nTL = HP Trusted Linux \nTU = HP Tru64 UNIX \nUX = HP-UX \nVV = HP VirtualVault \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. 
To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\u00a9Copyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[Apache2 Undefined Charset UTF-7 XSS Vulnerability ]\n\nAuthor: SecurityReason\nMaksymilian Arciemowicz (cXIb8O3)\n\nDate:\n- - Written: 08.08.2007\n- - Public: 11.09.2007\n\nSecurityReason Research\nSecurityAlert Id: 46\n\nCVE: CVE-2007-4465\nSecurityRisk: Low \n\nAffected Software: Apache 2.x (mod_autoindex)\nAdvisory URL: http://securityreason.com/achievement_securityalert/46\nVendor: http://httpd.apache.org\n\n- --- 0.Description ---\n\nThe Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. \n\nApache has been the most popular web server on the Internet since April 1996. 
The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined. \n\n- --- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability ---\n\nThe XSS(UTF7) exist in mod_autoindex.c . Charset is not defined and we can provide XSS attack using \"P\" option available in apache 2.2.4 by setting Charset to UTF-7. \n\n\"P=pattern lists only files matching the given pattern\"\n\nMore : http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html\n\n- -Source code from mod_autoindex.c--------------\n#if APR_HAS_UNICODE_FS\nap_set_content_type(r, \"text/html;charset=utf-8\");\n#else\nap_set_content_type(r, \"text/html\");\n#endif\n- -Source code from mod_autoindex.c--------------\n\n\nif APR_HAS_UNICODE_FS is set to 1 then we have defined charset and this is present on Windows systems . But on on unix , linux systems the charset is not definded. \n\n- --- EXAMPLE 1 ---\n# telnet localhost 80\nTrying 127.0.0.1... \nConnected to localhost. \nEscape character is \u0027^]\u0027\n\nGET /icons/ http/1.1\nHost: localhost\nContent-type: text/html\nKeep-Alive: 300\nConnection: keep-alive\n\n\nHTTP/1.1 200 OK\nDate: Thu, 09 Aug 2007 01:01:48 GMT\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\nKeep-Alive: timeout=15, max=100\nConnection: Keep-Alive\nTransfer-Encoding: chunked\nContent-Type: text/html\n\n\n\u003c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\"\u003e\n\u003cHTML\u003e\n\u003cHEAD\u003e\n\u003cTITLE\u003eIndex of /icons\u003c/TITLE\u003e\n\u003c/HEAD\u003e\n\u003cBODY\u003e\n\u003cH1\u003eIndex of /icons\u003c/H1\u003e\n... \n- --- EXAMPLE 1 ---\n\n- --- EXAMPLE 2 ---\n# telnet httpd.apache.org 80\nTrying 140.211.11.130... \nConnected to httpd.apache.org. \nEscape character is \u0027^]\u0027. 
\n\nGET /icons/ http/1.1\nHost: httpd.apache.org\nContent-type: text/html\nKeep-Alive: 300\nConnection: keep-alive\n\n\nHTTP/1.1 200 OK\nDate: Wed, 08 Aug 2007 23:06:26 GMT\nServer: Apache/2.3.0-dev (Unix)\nVary: Accept-Encoding\nKeep-Alive: timeout=5, max=100\nConnection: Keep-Alive\nTransfer-Encoding: chunked\nContent-Type: text/html\n\n\n\u003c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\"\u003e\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eIndex of /icons\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody\u003e\n\u003ch1\u003eIndex of /icons\u003c/h1\u003e\n... \n- --- EXAMPLE 2 ---\n\nAny request to folder /icons don\u0027t give charset in main header and in \u003chead\u003e\u003c/head\u003e section. In requests like 400 404 etc charset is defined (standard UTF8). \n\nFor example :\n\n- --- EXAMPLE 3 (400) ---\n# telnet 127.0.0.1 80\nTrying 127.0.0.1... \nConnected to 127.0.0.1. \nEscape character is \u0027^]\u0027. \nGET /%0 HTTP/1.1\nHost: localhost\n\nHTTP/1.1 400 Bad Request\nDate: Thu, 09 Aug 2007 13:13:32 GMT\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\nConnection: close\nTransfer-Encoding: chunked\nContent-Type: text/html; charset=iso-8859-1\n... \n- --- EXAMPLE 3 ---\n\n- --- EXAMPLE 4 (404) ---\n# telnet 127.0.0.1 80\nTrying 127.0.0.1... \nConnected to 127.0.0.1. \nEscape character is \u0027^]\u0027. \nGET /noex HTTP/1.1\nHost: localhost\n\nHTTP/1.1 404 Not Found\nDate: Thu, 09 Aug 2007 13:14:48 GMT\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\nTransfer-Encoding: chunked\nContent-Type: text/html; charset=iso-8859-1\n... \n- --- EXAMPLE 4 ---\n\nAny request from family 4xx is defined with charset. Because it is possible put the text to site (like wrong patch) in 404. Main idea was that, anybody can\u0027t put any text to this site with folder. And it was good idea, but in apache 2.x exist option \"P\". 
\nLike:\n\nhttp://localhost/icons/?P=[Filter]\n\nAny value gived to this variable is displayed in html text. For example :\n\nhttp://localhost/icons/?P=Hallo\n\n- --- HTML --------\n\u003cpre\u003e\u003cimg src=\"/icons/blank.gif\" alt=\"Icon \"\u003e \u003ca href=\"?C=N;O=D;P=Hallo\"\u003eName\u003c/a\u003e\n- -----------------\n\n- --- 2. Exploit ---\n\nSecurityReason is not going to release a exploit to the general public. \nExploit was provided and tested for Apache Team . \n\n- --- 3. How to fix ---\n\nUpdate to Apache 2.2.6\n\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.6\n\n- ---\nmod_autoindex: Add in Type and Charset options to IndexOptions\ndirective. This allows the admin to explicitly set the \ncontent-type and charset of the generated page and is therefore\na viable workaround for buggy browsers affected by CVE-2007-4465\n(cve.mitre.org). [Jim Jagielski]\n- ---\n\n- --- 4. Greets ---\n\nFor: sp3x, Infospec, p_e_a\n\n- --- 5. Contact ---\n\nAuthor: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ]\nEmail: cxib [at] securityreason [dot] com\nGPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg\nhttp://securityreason.com\nhttp://securityreason.pl\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (OpenBSD)\n\niD8DBQFG6F0A3Ke13X/fTO4RAg49AJ9ZYTCR02BWOxInIA0qybXBagnu4wCdFvlo\nMGWmxpeZzSTbVKnHIP5M+2o=\n=BrVf\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2007-4465" }, { "db": "JVNDB", "id": "JVNDB-2007-001022" }, { "db": "BID", "id": "25653" }, { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "PACKETSTORM", "id": "78873" }, { "db": "PACKETSTORM", "id": "59301" }, { "db": "PACKETSTORM", "id": "69466" }, { "db": "PACKETSTORM", "id": "82164" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-4465", "trust": 3.5 }, { "db": "BID", "id": "25653", "trust": 2.8 }, { "db": "USCERT", "id": "TA08-150A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1019194", "trust": 2.5 }, { "db": "SECUNIA", "id": "33105", "trust": 1.7 }, { "db": "SECUNIA", "id": "28749", "trust": 1.7 }, { "db": "SECUNIA", "id": "35650", "trust": 1.7 }, { "db": "SECUNIA", "id": "28607", "trust": 1.7 }, { "db": "SECUNIA", "id": "27732", "trust": 1.7 }, { "db": "SECUNIA", "id": "31651", "trust": 1.7 }, { "db": "SECUNIA", "id": "26952", "trust": 1.7 }, { "db": "SECUNIA", "id": "30430", "trust": 1.7 }, { "db": "SECUNIA", "id": "28471", "trust": 1.7 }, { "db": "SECUNIA", "id": "26842", "trust": 1.7 }, { "db": "SECUNIA", "id": "27563", "trust": 1.7 }, { "db": "SECUNIA", "id": "28467", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1697", "trust": 1.7 }, { "db": "SREASON", "id": "3113", "trust": 1.7 }, { "db": "XF", "id": "36586", "trust": 1.4 }, { "db": "USCERT", "id": "SA08-150A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-001022", "trust": 0.8 }, { "db": "HP", "id": "SSRT080118", "trust": 0.6 }, { "db": "HP", "id": "SSRT090192", "trust": 0.6 }, { "db": "HP", "id": "SSRT090085", "trust": 0.6 }, { "db": "SUSE", "id": "SUSE-SA:2007:061", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2008-05-28", "trust": 0.6 }, { "db": "MANDRIVA", "id": "MDVSA-2008:014", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2008:0005", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2008:0004", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2008:0008", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2008:0006", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2007:0911", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2008:0261", "trust": 0.6 }, { "db": "GENTOO", "id": "GLSA-200711-06", "trust": 0.6 }, { "db": "FEDORA", "id": "FEDORA-2007-2214", "trust": 0.6 }, { "db": "FEDORA", "id": 
"FEDORA-2007-707", "trust": 0.6 }, { "db": "UBUNTU", "id": "USN-575-1", "trust": 0.6 }, { "db": "SREASONRES", "id": "20070912 APACHE2 UNDEFINED CHARSET UTF-7 XSS VULNERABILITY", "trust": 0.6 }, { "db": "XF", "id": "7", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20070912 APACHE2 UNDEFINED CHARSET UTF-7 XSS VULNERABILITY", "trust": 0.6 }, { "db": "OVAL", "id": "OVAL:ORG.MITRE.OVAL:DEF:6089", "trust": 0.6 }, { "db": "CERT/CC", "id": "TA08-150A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200709-166", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2007-4465", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "63262", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62719", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "61459", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "78873", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59301", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "69466", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82164", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "BID", "id": "25653" }, { "db": "JVNDB", "id": "JVNDB-2007-001022" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "PACKETSTORM", "id": "78873" }, { "db": "PACKETSTORM", "id": "59301" }, { "db": "PACKETSTORM", "id": "69466" }, { "db": "PACKETSTORM", "id": "82164" }, { "db": "CNNVD", "id": "CNNVD-200709-166" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "id": "VAR-200709-0495", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-27T19:50:23.753000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Update 2008-003", "trust": 0.8, "url": "http://support.apple.com/kb/HT1897" }, { "title": "httpd-2.2.3-11.3.1AX", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=94" }, { "title": "CHANGES_2.0.61", "trust": 0.8, "url": "http://www.apache.org/dist/httpd/CHANGES_2.0.61" }, { "title": "CHANGES_2.2.6", "trust": 0.8, "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6" }, { "title": "interstage-200807e", "trust": 0.8, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" }, { "title": "HS07-041", "trust": 0.8, "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-041_e/index-e.html" }, { "title": "HPSBUX02465", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01905287" }, { "title": "HPSBUX02365", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01539432" }, { "title": "HPSBUX02431", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01756421" }, { "title": "1205", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1205" }, { "title": "1224", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1224" }, { "title": "1221", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1221" }, { "title": "RHSA-2008:0005", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0005.html" }, { "title": "RHSA-2008:0006", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0006.html" }, { "title": "RHSA-2008:0008", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0008.html" }, { "title": "RHSA-2008:0004", "trust": 0.8, "url": 
"https://rhn.redhat.com/errata/RHSA-2008-0004.html" }, { "title": "TLSA-2008-5", "trust": 0.8, "url": "http://www.turbolinux.com/security/2008/TLSA-2008-5.txt" }, { "title": "Debian CVElist Bug Report Logs: apache2: CVE-2007-4465", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8a7503dd359ab44b424a9918eb8a6f66" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-575-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/SecureAxom/strike " } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "JVNDB", "id": "JVNDB-2007-001022" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001022" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.securityfocus.com/bid/25653" }, { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html" }, { "trust": 2.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01539432" }, { "trust": 2.3, "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "trust": 2.3, "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "trust": 2.1, "url": "http://www.apache.org/dist/httpd/changes_2.2.6" }, { "trust": 2.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-032.htm" }, { "trust": 2.0, "url": 
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" }, { "trust": 1.8, "url": "http://securityreason.com/achievement_securityalert/46" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/3113" }, { "trust": 1.7, "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "trust": 1.7, "url": "http://www.redhat.com/archives/fedora-package-announce/2007-september/msg00320.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2007-september/msg00353.html" }, { "trust": 1.7, "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2007-0911.html" }, { "trust": 1.7, "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26842" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26952" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27563" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27732" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:014" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0004.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0005.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0006.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0008.html" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1019194" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28467" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28471" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28607" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28749" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html" }, { "trust": 1.7, "url": 
"http://lists.apple.com/archives/security-announce/2008//may/msg00001.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30430" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31651" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33105" }, { "trust": 1.7, "url": "http://secunia.com/advisories/35650" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/36586" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6089" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10929" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4465" }, { "trust": 0.8, "url": "http://www.securitytracker.com/id?1019194" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/alerts/sa08-150a.html" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/479237/100/0/threaded" }, { "trust": 0.6, "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:6089" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/1697" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "/archive/1/479237" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-026.htm" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-031.htm" }, { "trust": 0.3, "url": 
"http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.ctm6em..t.epps.1zqm.kdcefl00" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2007-0911.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0004.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0005.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0006.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0008.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2168" }, { "trust": 0.3, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.3, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.3, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.3, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2371" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3660" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5498" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0599" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2829" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2665" }, { "trust": 0.2, "url": "http://software.hp.com" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5557" }, { 
"trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3659" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2666" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453783" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/575-1/" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb" }, 
{ "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6421" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5625" }, { "trust": 0.1, "url": "http://securityreason.pl/key/arciemowicz.maksymilian.gpg" }, { "trust": 0.1, "url": "http://localhost/icons/?p=hallo" }, { "trust": 0.1, "url": "http://localhost/icons/?p=[filter]" }, { "trust": 0.1, "url": "http://securityreason.com" }, { "trust": 0.1, "url": "http://httpd.apache.org" }, { "trust": 0.1, "url": "http://securityreason.pl" }, { "trust": 0.1, "url": "http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6203" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2008-3658" } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "BID", "id": "25653" }, { "db": "JVNDB", "id": "JVNDB-2007-001022" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "PACKETSTORM", "id": "78873" }, { "db": "PACKETSTORM", "id": "59301" }, { "db": "PACKETSTORM", "id": "69466" }, { "db": "PACKETSTORM", "id": "82164" }, { "db": "CNNVD", "id": "CNNVD-200709-166" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "BID", "id": "25653" }, { "db": "JVNDB", "id": "JVNDB-2007-001022" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "PACKETSTORM", "id": "78873" }, { "db": "PACKETSTORM", "id": "59301" }, { "db": "PACKETSTORM", "id": "69466" }, { "db": "PACKETSTORM", "id": "82164" }, { "db": "CNNVD", "id": "CNNVD-200709-166" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-09-14T00:00:00", "db": "VULMON", "id": "CVE-2007-4465" }, { "date": "2007-09-12T00:00:00", "db": "BID", "id": "25653" }, { "date": "2008-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001022" }, { "date": "2008-02-05T00:41:56", "db": "PACKETSTORM", "id": "63262" }, { "date": "2008-01-17T05:56:17", "db": "PACKETSTORM", "id": "62719" }, { "date": "2007-12-04T05:30:30", "db": "PACKETSTORM", "id": "61459" }, { "date": "2009-07-02T18:53:57", "db": "PACKETSTORM", "id": "78873" }, { "date": "2007-09-13T23:41:20", "db": "PACKETSTORM", "id": "59301" }, { "date": "2008-08-29T05:14:23", "db": "PACKETSTORM", "id": "69466" }, { "date": "2009-10-23T18:14:28", 
"db": "PACKETSTORM", "id": "82164" }, { "date": "2007-09-13T00:00:00", "db": "CNNVD", "id": "CNNVD-200709-166" }, { "date": "2007-09-14T00:17:00", "db": "NVD", "id": "CVE-2007-4465" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2007-4465" }, { "date": "2010-08-05T21:45:00", "db": "BID", "id": "25653" }, { "date": "2009-11-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001022" }, { "date": "2009-07-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200709-166" }, { "date": "2024-11-21T00:35:40.043000", "db": "NVD", "id": "CVE-2007-4465" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "61459" }, { "db": "CNNVD", "id": "CNNVD-200709-166" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache UTF-7 Encoding Cross-Site Scripting Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001022" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "59301" }, { "db": "PACKETSTORM", "id": "69466" }, { "db": "PACKETSTORM", "id": "82164" }, { "db": "CNNVD", "id": "CNNVD-200709-166" } ], "trust": 1.1 } }
var-201108-0132
Vulnerability from variot
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Both the 'Range' header and the 'Request-Range' header are vulnerable. The attack tool causes a significant increase in CPU and memory usage on the server. The Apache HTTPD server contains a denial-of-service (DoS) vulnerability. A problem in how the Apache HTTPD server processes the Range and Request-Range headers can interrupt service operation, resulting in a denial-of-service (DoS) vulnerability. Attacks using this vulnerability have been observed. In addition, an attack tool called "Apache Killer" has been released. The Apache advisory states that: "Background and the 2007 report There are two aspects to this vulnerability. One is new, is Apache specific; and resolved with this server side fix. The other issue is fundamentally a protocol design issue dating back to 2007: http://seclists.org/bugtraq/2007/Jan/83 The contemporary interpretation of the HTTP protocol (currently) requires a server to return multiple (overlapping) ranges; in the order requested. This means that one can request a very large range (e.g. from byte 0- to the end) 100's of times in a single request. Being able to do so is an issue for (probably all) webservers and currently subject of an IETF discussion to change the protocol: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311 This advisory details a problem with how Apache httpd and its so called internal 'bucket brigades' deal with serving such "valid" request. The problem is that currently such requests internally explode into 100's of large fetches, all of which are kept in memory in an inefficient way. This is being addressed in two ways. By making things more efficient. 
And by weeding out or simplifying requests deemed too unwieldy." A remote third party may be able to cause a denial of service (DoS). ----------------------------------------------------------------------
TITLE: Hitachi Web Server ByteRange Filter Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA45865
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45865/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45865
RELEASE DATE: 2011-09-05
DISCUSS ADVISORY: http://secunia.com/advisories/45865/#comments
DESCRIPTION: Hitachi has acknowledged a vulnerability in Hitachi Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
ORIGINAL ADVISORY: Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-019/index.html
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
. Summary:
Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux (v. 5.3.LL server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server (v. 6.0.z) - i386, noarch, ppc64, s390x, x86_64
- (CVE-2011-3192)
All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
732928 - CVE-2011-3192 httpd: multiple ranges DoS
- Package List:
Red Hat Enterprise Linux (v. 5.3.LL server):
Source: httpd-2.2.3-22.el5_3.3.src.rpm
i386: httpd-2.2.3-22.el5_3.3.i386.rpm httpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm httpd-devel-2.2.3-22.el5_3.3.i386.rpm httpd-manual-2.2.3-22.el5_3.3.i386.rpm mod_ssl-2.2.3-22.el5_3.3.i386.rpm
ia64: httpd-2.2.3-22.el5_3.3.ia64.rpm httpd-debuginfo-2.2.3-22.el5_3.3.ia64.rpm httpd-devel-2.2.3-22.el5_3.3.ia64.rpm httpd-manual-2.2.3-22.el5_3.3.ia64.rpm mod_ssl-2.2.3-22.el5_3.3.ia64.rpm
x86_64: httpd-2.2.3-22.el5_3.3.x86_64.rpm httpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm httpd-debuginfo-2.2.3-22.el5_3.3.x86_64.rpm httpd-devel-2.2.3-22.el5_3.3.i386.rpm httpd-devel-2.2.3-22.el5_3.3.x86_64.rpm httpd-manual-2.2.3-22.el5_3.3.x86_64.rpm mod_ssl-2.2.3-22.el5_3.3.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: httpd-2.2.3-45.el5_6.2.src.rpm
i386: httpd-2.2.3-45.el5_6.2.i386.rpm httpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm httpd-devel-2.2.3-45.el5_6.2.i386.rpm httpd-manual-2.2.3-45.el5_6.2.i386.rpm mod_ssl-2.2.3-45.el5_6.2.i386.rpm
ia64: httpd-2.2.3-45.el5_6.2.ia64.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ia64.rpm httpd-devel-2.2.3-45.el5_6.2.ia64.rpm httpd-manual-2.2.3-45.el5_6.2.ia64.rpm mod_ssl-2.2.3-45.el5_6.2.ia64.rpm
ppc: httpd-2.2.3-45.el5_6.2.ppc.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ppc.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ppc64.rpm httpd-devel-2.2.3-45.el5_6.2.ppc.rpm httpd-devel-2.2.3-45.el5_6.2.ppc64.rpm httpd-manual-2.2.3-45.el5_6.2.ppc.rpm mod_ssl-2.2.3-45.el5_6.2.ppc.rpm
s390x: httpd-2.2.3-45.el5_6.2.s390x.rpm httpd-debuginfo-2.2.3-45.el5_6.2.s390.rpm httpd-debuginfo-2.2.3-45.el5_6.2.s390x.rpm httpd-devel-2.2.3-45.el5_6.2.s390.rpm httpd-devel-2.2.3-45.el5_6.2.s390x.rpm httpd-manual-2.2.3-45.el5_6.2.s390x.rpm mod_ssl-2.2.3-45.el5_6.2.s390x.rpm
x86_64: httpd-2.2.3-45.el5_6.2.x86_64.rpm httpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm httpd-debuginfo-2.2.3-45.el5_6.2.x86_64.rpm httpd-devel-2.2.3-45.el5_6.2.i386.rpm httpd-devel-2.2.3-45.el5_6.2.x86_64.rpm httpd-manual-2.2.3-45.el5_6.2.x86_64.rpm mod_ssl-2.2.3-45.el5_6.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6.0.z):
Source: httpd-2.2.15-5.el6_0.1.src.rpm
i386: httpd-2.2.15-5.el6_0.1.i686.rpm httpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm httpd-devel-2.2.15-5.el6_0.1.i686.rpm httpd-tools-2.2.15-5.el6_0.1.i686.rpm mod_ssl-2.2.15-5.el6_0.1.i686.rpm
noarch: httpd-manual-2.2.15-5.el6_0.1.noarch.rpm
ppc64: httpd-2.2.15-5.el6_0.1.ppc64.rpm httpd-debuginfo-2.2.15-5.el6_0.1.ppc.rpm httpd-debuginfo-2.2.15-5.el6_0.1.ppc64.rpm httpd-devel-2.2.15-5.el6_0.1.ppc.rpm httpd-devel-2.2.15-5.el6_0.1.ppc64.rpm httpd-tools-2.2.15-5.el6_0.1.ppc64.rpm mod_ssl-2.2.15-5.el6_0.1.ppc64.rpm
s390x: httpd-2.2.15-5.el6_0.1.s390x.rpm httpd-debuginfo-2.2.15-5.el6_0.1.s390.rpm httpd-debuginfo-2.2.15-5.el6_0.1.s390x.rpm httpd-devel-2.2.15-5.el6_0.1.s390.rpm httpd-devel-2.2.15-5.el6_0.1.s390x.rpm httpd-tools-2.2.15-5.el6_0.1.s390x.rpm mod_ssl-2.2.15-5.el6_0.1.s390x.rpm
x86_64: httpd-2.2.15-5.el6_0.1.x86_64.rpm httpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm httpd-debuginfo-2.2.15-5.el6_0.1.x86_64.rpm httpd-devel-2.2.15-5.el6_0.1.i686.rpm httpd-devel-2.2.15-5.el6_0.1.x86_64.rpm httpd-tools-2.2.15-5.el6_0.1.x86_64.rpm mod_ssl-2.2.15-5.el6_0.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3192.html https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. This update fixes this bug. This issue only affects the Debian 5.0 oldstable/lenny distribution.
The regression has been fixed in the following packages:
For the oldstable distribution (lenny), this problem has been fixed in version 2.2.9-10+lenny11.
For the stable distribution (squeeze), this problem has been fixed in version 2.2.16-6+squeeze3.
For the testing distribution (wheezy), this problem will be fixed in version 2.2.20-1.
For the unstable distribution (sid), this problem has been fixed in version 2.2.20-1.
We recommend that you upgrade your apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny6. In the stable distribution, apache2-mpm-itk has the same version number as apache2. HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02997184 Version: 2
HPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-09-08 Last Updated: 2011-09-08
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server.
References: CVE-2011-3192, CVE-2011-0419
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.17 containing Apache v2.2.15.07 or earlier HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
This bulletin will be revised when additional information becomes available.
HP has provided the following software update to resolve these vulnerabilities.
The update is available for download from the following location ftp://srt10606:P2xg=AD5@ftp.usa.hp.com or https://ftp.usa.hp.com/hprc/home with username srt10606 and password P2xg=AD5
HP-UX Web Server Suite (WSS) v.3.18 containing Apache v2.2.15.08 HP-UX 11i Release / Apache Depot name
B.11.23 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot B.11.23 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot
B.11.31 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot B.11.31 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot
HP-UX Web Server Suite (WSS) v.2.33 containing Apache v2.0.64.01 and earlier HP-UX 11i Release / Apache Depot name
B.11.11 / Use work around suggested below B.11.23 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18 B.11.31 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18
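Alternatives to Installing the Preliminary Patch The Apache Software Foundation has documented workarounds. For customers not wanting to install the preliminary patch, the following are recommended. Note that no patch is available for Apache 2.0.64.01.
1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then either ignore the Range header or reject the request. (Item 1 is absent from this copy of the bulletin; it is restored here from the Apache advisory referenced below.)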
2) Limit the size of the request field to a few hundred bytes.
3) Use mod_headers to completely disallow the use of Range headers; because both the Range and Request-Range headers are affected, this applies to both.
Please refer to the Apache advisory for details. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e
MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.18 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check.
It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX Web Server Suite v3.18 HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.08 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 8 September 2011 Initial release Version:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk5pPZoACgkQ4B86/C0qfVn5nwCg/w2MOkbP7d5Xp4fAyX4zAOdp aWQAoJoKZs8qDHYIVa41KgH1ANkNQI3C =MTc6 -----END PGP SIGNATURE----- . Enjoy!
- apache has been upgraded to the latest version (2.2.21) for 2011
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
Updated Packages:
Mandriva Linux 2011: 5c4825e4c63b4a06c68a5fd81517de71 2011/i586/apache-base-2.2.21-0.1-mdv2011.0.i586.rpm b5a00191b27804f9735643cdcd704b19 2011/i586/apache-conf-2.2.21-0.1-mdv2011.0.i586.rpm 49defd7efbb4a37ec49c01c7ef9c64aa 2011/i586/apache-devel-2.2.21-0.1-mdv2011.0.i586.rpm a023e40689777630df036eae1a84a475 2011/i586/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm f03744bb74a3e0872cb08465799c3ee1 2011/i586/apache-htcacheclean-2.2.21-0.1-mdv2011.0.i586.rpm bb9efa66089deef66f9434b813d41a95 2011/i586/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.i586.rpm bb334eb7fe43927ba7c6c9196b4e1fd1 2011/i586/apache-mod_cache-2.2.21-0.1-mdv2011.0.i586.rpm 086b5ed82c064b16964fff70bf9c841e 2011/i586/apache-mod_dav-2.2.21-0.1-mdv2011.0.i586.rpm 115008b2471e10ea01689dafe5c46bcd 2011/i586/apache-mod_dbd-2.2.21-0.1-mdv2011.0.i586.rpm 6b686ec6612ff8740d1e482faa06c544 2011/i586/apache-mod_deflate-2.2.21-0.1-mdv2011.0.i586.rpm 8c8f14074bc0dbbeb2b3890611f95c6b 2011/i586/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.i586.rpm b03569edc20c9393e0b5eea09f590368 2011/i586/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.i586.rpm 343703d3822a6757e000edeebe7e0a06 2011/i586/apache-mod_ldap-2.2.21-0.1-mdv2011.0.i586.rpm 3457011403525d40e525716c4da8e477 2011/i586/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.i586.rpm 3d060145b3665ca4c0b309f812af9370 2011/i586/apache-mod_proxy-2.2.21-0.1-mdv2011.0.i586.rpm a0e00b0610eb5a8c5c57afabeafc07f8 2011/i586/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.i586.rpm dd4bb38bbc2997ca398fb37225eca371 2011/i586/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.i586.rpm 2966cdfddf02fa32447711af6a3046dd 2011/i586/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.i586.rpm 48774d9c282dc476f35a0c8b2e821a7f 2011/i586/apache-mod_ssl-2.2.21-0.1-mdv2011.0.i586.rpm 7b832f85bd258abf0c7abb161f4028b4 2011/i586/apache-mod_suexec-2.2.21-0.1-mdv2011.0.i586.rpm 1c6b93eaa5b27477989bf82ea9a63685 2011/i586/apache-modules-2.2.21-0.1-mdv2011.0.i586.rpm 1e7dc0ee3fafae8a786be0cc164ebe4a 
2011/i586/apache-mod_userdir-2.2.21-0.1-mdv2011.0.i586.rpm ab2d074f2dfe57a64b022d4e6b8254ab 2011/i586/apache-mpm-event-2.2.21-0.1-mdv2011.0.i586.rpm a22debf09366b64e236965a4091009e9 2011/i586/apache-mpm-itk-2.2.21-0.1-mdv2011.0.i586.rpm 174aed4327491b83f147f3b4e76bcd1f 2011/i586/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.i586.rpm e141881c27496e7e74ad7f3f566a1bd2 2011/i586/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.i586.rpm 97893069a3d6eb73e3773bc0ee78c9a4 2011/i586/apache-mpm-worker-2.2.21-0.1-mdv2011.0.i586.rpm fe530e2da15b3e0bf14c617824ff82c9 2011/i586/apache-source-2.2.21-0.1-mdv2011.0.i586.rpm 4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm 0b4a145fd5ff8c11a53956f750cdbd42 2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm
Mandriva Linux 2011/X86_64: 8837c56966896e10d3403956e7cf86ac 2011/x86_64/apache-base-2.2.21-0.1-mdv2011.0.x86_64.rpm aec6da25319585e53623471734f99c57 2011/x86_64/apache-conf-2.2.21-0.1-mdv2011.0.x86_64.rpm e8600455214ad4f2303d9f36576e4952 2011/x86_64/apache-devel-2.2.21-0.1-mdv2011.0.x86_64.rpm 90694f3211fca3d436ec4130b8bb43e2 2011/x86_64/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm fd3f6a51c8abf8b1ff8356489ba6d6e1 2011/x86_64/apache-htcacheclean-2.2.21-0.1-mdv2011.0.x86_64.rpm 796c8129bbc160455587bc54c58c2220 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm 61add54b6e0c8306dff065a150b262e2 2011/x86_64/apache-mod_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm cb98169c29008c256662f3a08141bf95 2011/x86_64/apache-mod_dav-2.2.21-0.1-mdv2011.0.x86_64.rpm 5aa03ee54a7e40d41fd746fd1a223c72 2011/x86_64/apache-mod_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm 386a956f014fe2d64dfe38fc261abd39 2011/x86_64/apache-mod_deflate-2.2.21-0.1-mdv2011.0.x86_64.rpm 5a473bc45fa59323c4d526dd4f5a30d3 2011/x86_64/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm aaa544f7a4912c161a2c73e222ae87d6 2011/x86_64/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm f04054edc62a24ea9042c5b41074bd1d 2011/x86_64/apache-mod_ldap-2.2.21-0.1-mdv2011.0.x86_64.rpm 1c97f63c1169f483d086a94b97f5c421 2011/x86_64/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm ca912c34fec5cf470947a7f87e9705a4 2011/x86_64/apache-mod_proxy-2.2.21-0.1-mdv2011.0.x86_64.rpm b5ae70a8ed412e40275b4de7b639caa0 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.x86_64.rpm 6b11b032c13277712c336405ea23a8b0 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.x86_64.rpm 874a420342f1ea9278e014b79fe5a337 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.x86_64.rpm 2757b3d7c8261563e22c41d3f94aaa29 2011/x86_64/apache-mod_ssl-2.2.21-0.1-mdv2011.0.x86_64.rpm 6edbc6963aab9beee507f9a3c8be38a2 2011/x86_64/apache-mod_suexec-2.2.21-0.1-mdv2011.0.x86_64.rpm fe6143eaa1acc0de751198ea19129279 
2011/x86_64/apache-modules-2.2.21-0.1-mdv2011.0.x86_64.rpm 3e66fa1e1e2cf243c1c6472243cb86fe 2011/x86_64/apache-mod_userdir-2.2.21-0.1-mdv2011.0.x86_64.rpm 7d45bfd7d3aa87d45d2287fdd9507847 2011/x86_64/apache-mpm-event-2.2.21-0.1-mdv2011.0.x86_64.rpm bce9e2cdffe45cbc4baf72f0d0c4000e 2011/x86_64/apache-mpm-itk-2.2.21-0.1-mdv2011.0.x86_64.rpm 217bd96dfa802f7d049b6fd12600b154 2011/x86_64/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.x86_64.rpm cc304b9011d16d7f3cf5c8250e4d9f18 2011/x86_64/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.x86_64.rpm a8bb9b62c39f98a6df728d51a4fff39a 2011/x86_64/apache-mpm-worker-2.2.21-0.1-mdv2011.0.x86_64.rpm 7d41c857be2574ac5f3ea7090a1f3c78 2011/x86_64/apache-source-2.2.21-0.1-mdv2011.0.x86_64.rpm 4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm 0b4a145fd5ff8c11a53956f750cdbd42 2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris.
Apache-2.2.21.tar.gz is available using ftp.
Host Account Password
ftp.usa.hp.com sb02704 Secure12
After downloading Apache-2.2.21.tar.gz optionally verify the SHA1 check sum: SHA1(Apache-2.2.21.tar)= 642721cac9a7c4d1e8e6033a5198071bbdd54840 SHA1(Apache-2.2.21.tar.gz)= 87d0c04be6dd06b52f1b9c7c645ce39fad117a08
The Apache-2.2.21.tar archive contains a README.txt file with installation instructions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201108-0132", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.0.65" }, { "model": "ubuntu linux", "scope": "eq", "trust": 
1.0, "vendor": "canonical", "version": "8.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "11.04" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.20" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.35" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.10" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.4" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache http server", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva s a", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "1.3 system" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.x system" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "1.3" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": 
"2.0" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 and v10.7.1" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 and v10.7.1" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10g release 2 version 10.1.2.3" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10g release 3 version 10.1.3.5" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11g release 1 11.1.1.3" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11g release 1 11.1.1.4" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11g release 1 11.1.1.5" }, { "model": "secure backup", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.3.0.3" }, { "model": "secure backup", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.4.0.1" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "5.5.06" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": 
"oracle", "version": "6.0" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.1" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.2" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "hp secure web server for openvms", "scope": "lte", "trust": 0.8, "vendor": "hewlett packard", "version": "v2.2" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "v3.19" }, { "model": "ridoc document router", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "pro v2 v.2.2.5.0" }, { "model": "ridoc document router", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "v3 v.3.2.5.0" }, { "model": "ridoc document router", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "v4 v.4.0.6.0" }, { "model": "ridoc document server", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "ep v1 / v1 type h v.1.0.6.0" }, { "model": "ridoc document server", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "ep v2 / v2 type h v.2.0.5.0" }, { "model": "ridoc document server", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "v3 v.3.2.4.0" }, { "model": "ridoc document system", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "image log options v1 v.1.1.5.0" }, { "model": "ridoc io 
operationserver", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "pro / device operation management utility is02.09.00" }, { "model": "ridoc web navigator", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "lt v.1.0.6.0" }, { "model": "ridoc web navigator", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "v3 v.3.3.8.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux els", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 5.3 server)" }, { "model": "enterprise linux long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 
5.6 server)" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.0.z" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "csview", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/faq navigator" }, { "model": "csview", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/web questionnaire" }, { "model": "pasolink nms", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v4.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v4.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v4.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v4.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v7.1 to v8.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v8.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v8.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1 to v8.1" }, { "model": "webotx application 
server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v8.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v7.1 to v8.1" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.4 to v8.4" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.3" }, { "model": "webotx sip application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1 to v8.1" }, { "model": "groupmax collaboration", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- server" }, { "model": "hirdb realtime monitor", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "device manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "global link manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "it operations analyzer", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "it operations director", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "provisioning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "replication manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tiered storage manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tuning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "web server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "job management partner 1/automatic job management system 3", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant( english edition )" }, { "model": "job management partner 1/performance 
management - web console", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "( overseas edition )" }, { "model": "jp1/automatic job management system 2", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant" }, { "model": "jp1/automatic job management system 3", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant" }, { "model": "jp1/cm2/snmp system observer", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand device manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand provisioning manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tiered storage manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- service support" }, { "model": "jp1/it resource management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager" }, { "model": "jp1/it service level management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager web option" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web console" }, { "model": "jp1/serverconductor/control manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": 
"eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus collaboration", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- server" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - authoring license" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - user license" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, 
"vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "ucosminexus stream data platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- application framework" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer client set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional library set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional set" }, { "model": "internet navigware server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage form coordinator workflow", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list manager", 
"scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list works", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage xml business activity recorder", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker availability view", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker centric manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop inspection", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it change manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it process master", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker runbook automation", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#405811" }, { "db": "JVNDB", "id": 
"JVNDB-2011-002172" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:fusion_middleware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:secure_backup", "vulnerable": true }, { "cpe22Uri": "cpe:/o:oracle:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:supply_chain_products_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:secure_web_server_for_open_vms", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:hp-ux_web_server_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ricoh:ridoc_document_router", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ricoh:ridoc_document_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ricoh:ridoc_document_system", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ricoh:ridoc_io_operationserver", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ricoh:ridoc_web_navigator", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_els", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_hpc_node", 
"vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_long_life", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:csview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:pasolink_nms", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_portal", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_sip_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:groupmax_collaboration", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_realtime_monitor", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:device_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:global_link_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:it_operations_analyzer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:it_operations_director", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:provisioning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:replication_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:tiered_storage_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:tuning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1_automatic_job_management_system_3", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1_performance_management_web_console", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:hitachi:jp1_automatic_job_management_system_2", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_automatic_job_management_system_3", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_cm2_snmp_system_observer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1-hicommand_device_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1-hicommand_provisioning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1-hicommand_replication_monitor", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1-hicommand_tiered_storage_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1-hicommand_tuning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_integrated_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_it_resource_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_it_service_level_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_performance_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_serverconductor_control_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_collaboration", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_navigation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_stream_data_platform", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:electronic_form_workflow", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", 
"vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_works", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_centric_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002172" } ] }, 
"credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "105422" }, { "db": "PACKETSTORM", "id": "117251" }, { "db": "PACKETSTORM", "id": "104969" }, { "db": "PACKETSTORM", "id": "106557" } ], "trust": 0.4 }, "cve": "CVE-2011-3192", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2011-3192", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3192", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#405811", "trust": 0.8, "value": "16.01" }, { "author": "NVD", "id": "CVE-2011-3192", "trust": 0.8, "value": "High" }, { "author": "VULMON", "id": "CVE-2011-3192", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#405811" }, { "db": "VULMON", "id": "CVE-2011-3192" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": 
"NVD", "id": "CVE-2011-3192" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Both the \u0027Range\u0027 header and the \u0027Range-Request\u0027 header are vulnerable. The attack tool causes a significant increase in CPU and memory usage on the server. Apache HTTPD The server has a service disruption (DoS) Vulnerabilities exist. Apache HTTPD The server Range Header and Request-Range There is a problem with header processing, and service operation is interrupted. (DoS) Vulnerabilities exist. Attacks using this vulnerability have been observed. Also, \"Apache Killer\" The attack tool called is released. Apache The advisory states that: \"Background and the 2007 report There are two aspects to this vulnerability. One is new, is Apache specific; and resolved with this server side fix. The other issue is fundamentally a protocol design issue dating back to 2007: http://seclists.org/bugtraq/2007/Jan/83 The contemporary interpretation of the HTTP protocol (currently) requires a server to return multiple (overlapping) ranges; in the order requested. This means that one can request a very large range (e.g. from byte 0- to the end) 100\u0027s of times in a single request. 
Being able to do so is an issue for (probably all) webservers and currently subject of an IETF discussion to change the protocol: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311 This advisory details a problem with how Apache httpd and its so called internal \u0027bucket brigades\u0027 deal with serving such \"valid\" request. The problem is that currently such requests internally explode into 100\u0027s of large fetches, all of which are kept in memory in an inefficient way. This is being addressed in two ways. By making things more efficient. And by weeding out or simplifying requests deemed too unwieldy.\" A remote third party may cause a service disruption (DoS). ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Web Server ByteRange Filter Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA45865\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45865/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45865\n\nRELEASE DATE:\n2011-09-05\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45865/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45865/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45865\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged a vulnerability in Hitachi Web Server, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nORIGINAL ADVISORY:\nHitachi (Japanese):\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-019/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
Summary:\n\nUpdated httpd packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.3 Long Life, 5.6 Extended Update Support, and\n6.0 Extended Update Support. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux (v. 5.3.LL server) - i386, ia64, x86_64\nRed Hat Enterprise Linux Server (v. 6.0.z) - i386, noarch, ppc64, s390x, x86_64\n\n3. (CVE-2011-3192)\n\nAll httpd users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n732928 - CVE-2011-3192 httpd: multiple ranges DoS\n\n6. Package List:\n\nRed Hat Enterprise Linux (v. 
5.3.LL server):\n\nSource:\nhttpd-2.2.3-22.el5_3.3.src.rpm\n\ni386:\nhttpd-2.2.3-22.el5_3.3.i386.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm\nhttpd-devel-2.2.3-22.el5_3.3.i386.rpm\nhttpd-manual-2.2.3-22.el5_3.3.i386.rpm\nmod_ssl-2.2.3-22.el5_3.3.i386.rpm\n\nia64:\nhttpd-2.2.3-22.el5_3.3.ia64.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.ia64.rpm\nhttpd-devel-2.2.3-22.el5_3.3.ia64.rpm\nhttpd-manual-2.2.3-22.el5_3.3.ia64.rpm\nmod_ssl-2.2.3-22.el5_3.3.ia64.rpm\n\nx86_64:\nhttpd-2.2.3-22.el5_3.3.x86_64.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.x86_64.rpm\nhttpd-devel-2.2.3-22.el5_3.3.i386.rpm\nhttpd-devel-2.2.3-22.el5_3.3.x86_64.rpm\nhttpd-manual-2.2.3-22.el5_3.3.x86_64.rpm\nmod_ssl-2.2.3-22.el5_3.3.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nhttpd-2.2.3-45.el5_6.2.src.rpm\n\ni386:\nhttpd-2.2.3-45.el5_6.2.i386.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm\nhttpd-devel-2.2.3-45.el5_6.2.i386.rpm\nhttpd-manual-2.2.3-45.el5_6.2.i386.rpm\nmod_ssl-2.2.3-45.el5_6.2.i386.rpm\n\nia64:\nhttpd-2.2.3-45.el5_6.2.ia64.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.ia64.rpm\nhttpd-devel-2.2.3-45.el5_6.2.ia64.rpm\nhttpd-manual-2.2.3-45.el5_6.2.ia64.rpm\nmod_ssl-2.2.3-45.el5_6.2.ia64.rpm\n\nppc:\nhttpd-2.2.3-45.el5_6.2.ppc.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.ppc.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.ppc64.rpm\nhttpd-devel-2.2.3-45.el5_6.2.ppc.rpm\nhttpd-devel-2.2.3-45.el5_6.2.ppc64.rpm\nhttpd-manual-2.2.3-45.el5_6.2.ppc.rpm\nmod_ssl-2.2.3-45.el5_6.2.ppc.rpm\n\ns390x:\nhttpd-2.2.3-45.el5_6.2.s390x.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.s390.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.s390x.rpm\nhttpd-devel-2.2.3-45.el5_6.2.s390.rpm\nhttpd-devel-2.2.3-45.el5_6.2.s390x.rpm\nhttpd-manual-2.2.3-45.el5_6.2.s390x.rpm\nmod_ssl-2.2.3-45.el5_6.2.s390x.rpm\n\nx86_64:\nhttpd-2.2.3-45.el5_6.2.x86_64.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.x86_64.rpm\nhttpd-devel-2.2.3-45.el5_6.2.i386.rpm\nhttpd-devel-2.2.3-45.el5_6.2
.x86_64.rpm\nhttpd-manual-2.2.3-45.el5_6.2.x86_64.rpm\nmod_ssl-2.2.3-45.el5_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6.0.z):\n\nSource:\nhttpd-2.2.15-5.el6_0.1.src.rpm\n\ni386:\nhttpd-2.2.15-5.el6_0.1.i686.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm\nhttpd-devel-2.2.15-5.el6_0.1.i686.rpm\nhttpd-tools-2.2.15-5.el6_0.1.i686.rpm\nmod_ssl-2.2.15-5.el6_0.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-5.el6_0.1.noarch.rpm\n\nppc64:\nhttpd-2.2.15-5.el6_0.1.ppc64.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.ppc.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.ppc64.rpm\nhttpd-devel-2.2.15-5.el6_0.1.ppc.rpm\nhttpd-devel-2.2.15-5.el6_0.1.ppc64.rpm\nhttpd-tools-2.2.15-5.el6_0.1.ppc64.rpm\nmod_ssl-2.2.15-5.el6_0.1.ppc64.rpm\n\ns390x:\nhttpd-2.2.15-5.el6_0.1.s390x.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.s390.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.s390x.rpm\nhttpd-devel-2.2.15-5.el6_0.1.s390.rpm\nhttpd-devel-2.2.15-5.el6_0.1.s390x.rpm\nhttpd-tools-2.2.15-5.el6_0.1.s390x.rpm\nmod_ssl-2.2.15-5.el6_0.1.s390x.rpm\n\nx86_64:\nhttpd-2.2.15-5.el6_0.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.x86_64.rpm\nhttpd-devel-2.2.15-5.el6_0.1.i686.rpm\nhttpd-devel-2.2.15-5.el6_0.1.x86_64.rpm\nhttpd-tools-2.2.15-5.el6_0.1.x86_64.rpm\nmod_ssl-2.2.15-5.el6_0.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3192.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. This update fixes this bug. This issue only\naffects the Debian 5.0 oldstable/lenny distribution. 
\n\n\nThe regression has been fixed in the following packages:\n\nFor the oldstable distribution (lenny), this problem has been fixed\nin version 2.2.9-10+lenny11. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.2.16-6+squeeze3. \n\nFor the testing distribution (wheezy), this problem will be fixed in\nversion 2.2.20-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.2.20-1. \n\nWe recommend that you upgrade your apache2 packages. The new version\nnumber for the oldstable distribution is 2.2.6-02-1+lenny6. In the\nstable distribution, apache2-mpm-itk has the same version number as\napache2. \nHP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02997184\nVersion: 2\n\nHPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-09-08\nLast Updated: 2011-09-08\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache Web Server. \n\nReferences: CVE-2011-3192, CVE-2011-0419\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
\nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.17 containing Apache v2.2.15.07 or earlier\nHP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nThis bulletin will be revised when additional information becomes available. \n\nHP has provided the following software update to resolve these vulnerabilities. \n\nThe update is available for download from the following location\nftp://srt10606:P2xg=AD5@ftp.usa.hp.com\nor\nhttps://ftp.usa.hp.com/hprc/home with\nusername srt10606 and password P2xg=AD5\n\nHP-UX Web Server Suite (WSS) v.3.18 containing Apache v2.2.15.08\nHP-UX 11i Release / Apache Depot name\n\nB.11.23 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot\nB.11.23 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot\n\nB.11.31 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot\nB.11.31 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot\n\nHP-UX Web Server Suite (WSS) v.2.33 containing Apache v2.0.64.01 and earlier\nHP-UX 11i Release / Apache Depot name\n\nB.11.11 / Use work around suggested below\nB.11.23 (32 \u0026 64-bit) / No longer supported. Upgrade to WSS v 3.18\nB.11.31 (32 \u0026 64-bit) / No longer supported. Upgrade to WSS v 3.18\n\nAlternatives to Installing the Preliminary Patch\nThe Apache Software Foundation has documented work arounds. For customers not wanting to install the preliminary patch, the following are recommended. \nNote: that no patch is available for Apache 2.0.64.01. \n\n2) Limit the size of the request field to a few hundred bytes. 
\n\n3) Use mod_headers to completely disallow the use of Range headers. \n\nPlease refer to the Apache advisory for details. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.18 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. \n\nIt analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX Web Server Suite v3.18\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.15.08 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 8 September 2011 Initial release\nVersion:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. 
\n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk5pPZoACgkQ4B86/C0qfVn5nwCg/w2MOkbP7d5Xp4fAyX4zAOdp\naWQAoJoKZs8qDHYIVa41KgH1ANkNQI3C\n=MTc6\n-----END PGP SIGNATURE-----\n. 
Enjoy!\n \n * apache has been upgraded to the latest version (2.2.21) for 2011\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2011:\n 5c4825e4c63b4a06c68a5fd81517de71 2011/i586/apache-base-2.2.21-0.1-mdv2011.0.i586.rpm\n b5a00191b27804f9735643cdcd704b19 2011/i586/apache-conf-2.2.21-0.1-mdv2011.0.i586.rpm\n 49defd7efbb4a37ec49c01c7ef9c64aa 2011/i586/apache-devel-2.2.21-0.1-mdv2011.0.i586.rpm\n a023e40689777630df036eae1a84a475 2011/i586/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm\n f03744bb74a3e0872cb08465799c3ee1 2011/i586/apache-htcacheclean-2.2.21-0.1-mdv2011.0.i586.rpm\n bb9efa66089deef66f9434b813d41a95 2011/i586/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.i586.rpm\n bb334eb7fe43927ba7c6c9196b4e1fd1 2011/i586/apache-mod_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n 086b5ed82c064b16964fff70bf9c841e 2011/i586/apache-mod_dav-2.2.21-0.1-mdv2011.0.i586.rpm\n 115008b2471e10ea01689dafe5c46bcd 2011/i586/apache-mod_dbd-2.2.21-0.1-mdv2011.0.i586.rpm\n 6b686ec6612ff8740d1e482faa06c544 2011/i586/apache-mod_deflate-2.2.21-0.1-mdv2011.0.i586.rpm\n 8c8f14074bc0dbbeb2b3890611f95c6b 2011/i586/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n b03569edc20c9393e0b5eea09f590368 2011/i586/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n 343703d3822a6757e000edeebe7e0a06 2011/i586/apache-mod_ldap-2.2.21-0.1-mdv2011.0.i586.rpm\n 3457011403525d40e525716c4da8e477 2011/i586/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n 3d060145b3665ca4c0b309f812af9370 2011/i586/apache-mod_proxy-2.2.21-0.1-mdv2011.0.i586.rpm\n a0e00b0610eb5a8c5c57afabeafc07f8 2011/i586/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.i586.rpm\n dd4bb38bbc2997ca398fb37225eca371 2011/i586/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.i586.rpm\n 2966cdfddf02fa32447711af6a3046dd 
2011/i586/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.i586.rpm\n 48774d9c282dc476f35a0c8b2e821a7f 2011/i586/apache-mod_ssl-2.2.21-0.1-mdv2011.0.i586.rpm\n 7b832f85bd258abf0c7abb161f4028b4 2011/i586/apache-mod_suexec-2.2.21-0.1-mdv2011.0.i586.rpm\n 1c6b93eaa5b27477989bf82ea9a63685 2011/i586/apache-modules-2.2.21-0.1-mdv2011.0.i586.rpm\n 1e7dc0ee3fafae8a786be0cc164ebe4a 2011/i586/apache-mod_userdir-2.2.21-0.1-mdv2011.0.i586.rpm\n ab2d074f2dfe57a64b022d4e6b8254ab 2011/i586/apache-mpm-event-2.2.21-0.1-mdv2011.0.i586.rpm\n a22debf09366b64e236965a4091009e9 2011/i586/apache-mpm-itk-2.2.21-0.1-mdv2011.0.i586.rpm\n 174aed4327491b83f147f3b4e76bcd1f 2011/i586/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.i586.rpm\n e141881c27496e7e74ad7f3f566a1bd2 2011/i586/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.i586.rpm\n 97893069a3d6eb73e3773bc0ee78c9a4 2011/i586/apache-mpm-worker-2.2.21-0.1-mdv2011.0.i586.rpm\n fe530e2da15b3e0bf14c617824ff82c9 2011/i586/apache-source-2.2.21-0.1-mdv2011.0.i586.rpm \n 4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm\n b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm\n d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm\n 0b4a145fd5ff8c11a53956f750cdbd42 2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm\n\n Mandriva Linux 2011/X86_64:\n 8837c56966896e10d3403956e7cf86ac 2011/x86_64/apache-base-2.2.21-0.1-mdv2011.0.x86_64.rpm\n aec6da25319585e53623471734f99c57 2011/x86_64/apache-conf-2.2.21-0.1-mdv2011.0.x86_64.rpm\n e8600455214ad4f2303d9f36576e4952 2011/x86_64/apache-devel-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 90694f3211fca3d436ec4130b8bb43e2 2011/x86_64/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm\n fd3f6a51c8abf8b1ff8356489ba6d6e1 2011/x86_64/apache-htcacheclean-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 796c8129bbc160455587bc54c58c2220 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 61add54b6e0c8306dff065a150b262e2 2011/x86_64/apache-mod_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 
cb98169c29008c256662f3a08141bf95 2011/x86_64/apache-mod_dav-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 5aa03ee54a7e40d41fd746fd1a223c72 2011/x86_64/apache-mod_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 386a956f014fe2d64dfe38fc261abd39 2011/x86_64/apache-mod_deflate-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 5a473bc45fa59323c4d526dd4f5a30d3 2011/x86_64/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n aaa544f7a4912c161a2c73e222ae87d6 2011/x86_64/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n f04054edc62a24ea9042c5b41074bd1d 2011/x86_64/apache-mod_ldap-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 1c97f63c1169f483d086a94b97f5c421 2011/x86_64/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n ca912c34fec5cf470947a7f87e9705a4 2011/x86_64/apache-mod_proxy-2.2.21-0.1-mdv2011.0.x86_64.rpm\n b5ae70a8ed412e40275b4de7b639caa0 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 6b11b032c13277712c336405ea23a8b0 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 874a420342f1ea9278e014b79fe5a337 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 2757b3d7c8261563e22c41d3f94aaa29 2011/x86_64/apache-mod_ssl-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 6edbc6963aab9beee507f9a3c8be38a2 2011/x86_64/apache-mod_suexec-2.2.21-0.1-mdv2011.0.x86_64.rpm\n fe6143eaa1acc0de751198ea19129279 2011/x86_64/apache-modules-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 3e66fa1e1e2cf243c1c6472243cb86fe 2011/x86_64/apache-mod_userdir-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 7d45bfd7d3aa87d45d2287fdd9507847 2011/x86_64/apache-mpm-event-2.2.21-0.1-mdv2011.0.x86_64.rpm\n bce9e2cdffe45cbc4baf72f0d0c4000e 2011/x86_64/apache-mpm-itk-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 217bd96dfa802f7d049b6fd12600b154 2011/x86_64/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.x86_64.rpm\n cc304b9011d16d7f3cf5c8250e4d9f18 2011/x86_64/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.x86_64.rpm\n a8bb9b62c39f98a6df728d51a4fff39a 2011/x86_64/apache-mpm-worker-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 7d41c857be2574ac5f3ea7090a1f3c78 
2011/x86_64/apache-source-2.2.21-0.1-mdv2011.0.x86_64.rpm \n 4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm\n b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm\n d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm\n 0b4a145fd5ff8c11a53956f750cdbd42 2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nHP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris. \n\nApache-2.2.21.tar.gz is available using ftp. \n\nHost\n Account\n Password\n\nftp.usa.hp.com\n sb02704\n Secure12\n\nAfter downloading Apache-2.2.21.tar.gz optionally verify the SHA1 check sum:\nSHA1(Apache-2.2.21.tar)= 642721cac9a7c4d1e8e6033a5198071bbdd54840\nSHA1(Apache-2.2.21.tar.gz)= 87d0c04be6dd06b52f1b9c7c645ce39fad117a08\n\nThe Apache-2.2.21.tar archive contains a README.txt file with installation instructions", "sources": [ { "db": "NVD", "id": "CVE-2011-3192" }, { "db": "CERT/CC", "id": "VU#405811" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "VULMON", "id": "CVE-2011-3192" }, { "db": "PACKETSTORM", "id": "104804" }, { "db": "PACKETSTORM", "id": "105792" }, { "db": "PACKETSTORM", "id": "105422" }, { "db": "PACKETSTORM", "id": "105120" }, { "db": "PACKETSTORM", "id": "104836" }, { "db": "PACKETSTORM", "id": "117251" }, { "db": "PACKETSTORM", "id": "104969" }, { "db": "PACKETSTORM", "id": "105184" }, { "db": "PACKETSTORM", "id": "106788" }, { "db": "PACKETSTORM", "id": "106557" } ], "trust": 3.33 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", 
"data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=17696", "trust": 0.2, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3192" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3192", "trust": 2.8 }, { "db": "CERT/CC", "id": "VU#405811", "trust": 2.6 }, { "db": "BID", "id": "49303", "trust": 1.8 }, { "db": "SECUNIA", "id": "45606", "trust": 1.8 }, { "db": "SECTRACK", "id": "1025960", "trust": 1.8 }, { "db": "OSVDB", "id": "74721", "trust": 1.8 }, { "db": "SECUNIA", "id": "46000", "trust": 1.0 }, { "db": "SECUNIA", "id": "45937", "trust": 1.0 }, { "db": "SECUNIA", "id": "46125", "trust": 1.0 }, { "db": "SECUNIA", "id": "46126", "trust": 1.0 }, { "db": "EXPLOIT-DB", "id": "17696", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002172", "trust": 0.8 }, { "db": "SECUNIA", "id": "45865", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3192", "trust": 0.1 }, { "db": "HITACHI", "id": "HS11-019", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "104804", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105422", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105120", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "104836", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "117251", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "104969", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105184", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106557", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#405811" }, { "db": "VULMON", "id": "CVE-2011-3192" }, { 
"db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "PACKETSTORM", "id": "104804" }, { "db": "PACKETSTORM", "id": "105792" }, { "db": "PACKETSTORM", "id": "105422" }, { "db": "PACKETSTORM", "id": "105120" }, { "db": "PACKETSTORM", "id": "104836" }, { "db": "PACKETSTORM", "id": "117251" }, { "db": "PACKETSTORM", "id": "104969" }, { "db": "PACKETSTORM", "id": "105184" }, { "db": "PACKETSTORM", "id": "106788" }, { "db": "PACKETSTORM", "id": "106557" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "id": "VAR-201108-0132", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.23680949000000004 }, "last_update_date": "2024-11-28T21:09:46.556000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 2.2.20", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.20" }, { "title": "Downloading the Apache HTTP Server", "trust": 0.8, "url": "http://httpd.apache.org/download.cgi" }, { "title": "Range header DoS vulnerability Apache HTTPD 1.3/2.x UPDATE 2", "trust": 0.8, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110826103531.998348F82@minotaur.apache.org%3E" }, { "title": "Range header DoS vulnerability Apache HTTPD 1.3/2.x", "trust": 0.8, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@minotaur.apache.org%3E" }, { "title": "Apache HTTP Server 2.2.20 Released", "trust": 0.8, "url": "http://www.apache.org/dist/httpd/Announcement2.2.html" }, { "title": "HT5002", "trust": 0.8, "url": "http://support.apple.com/kb/HT5002" }, { "title": "Changes with 
Apache 2.2.20", "trust": 0.8, "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.20" }, { "title": "cisco-sa-20110830-apache", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110830-apache" }, { "title": "HS11-020", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-020/index.html" }, { "title": "HS11-021", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-021/index.html" }, { "title": "HS11-022", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-022/index.html" }, { "title": "HS11-019", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-019/index.html" }, { "title": "HPSBOV02822 SSRT100966", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954" }, { "title": "HPSBUX02707 SSRT100626", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03025215" }, { "title": "HPSBUX02702 SSRT100606", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02997184" }, { "title": "7021867", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27021867#8001" }, { "title": "4030863", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030863" }, { "title": "1512087", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21512087" }, { "title": "J1008285", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=jpn1J1008285" }, { "title": "J1008222", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=jpn1J1008222" }, { "title": "2236", "trust": 0.8, "url": "https://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2236" }, { "title": "NV11-005", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv11-005.html" }, { 
"title": "SUSE-SU-2011:1010", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html" }, { "title": "openSUSE-SU-2011:0993", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html" }, { "title": "SUSE-SU-2011:1000", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html" }, { "title": "SUSE-SU-2011:1007", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2012 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html" }, { "title": "alert-cve-2011-3192-485304", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html" }, { "title": "RHSA-2011:1369", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1369.html" }, { "title": "RHSA-2011:1330", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1330.html" }, { "title": "RHSA-2011:1294", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-1294.html" }, { "title": "RHSA-2011:1329", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1329.html" }, { "title": "RHSA-2011:1300", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-1300.html" }, { "title": "RHSA-2011:1245", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-1245.html" }, { "title": "Ridoc\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u88fd\u54c1\u3067\u306e\u300cApache HTTPD 
\u30b5\u30fc\u30d0\u30fc\u306b\u304a\u3051\u308b\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3 (DoS) \u306e\u8106\u5f31\u6027\u300d\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.ricoh.co.jp/support/news/121114.html" }, { "title": "MDVSA-2011:130", "trust": 0.8, "url": "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2011:130" }, { "title": "January 2012 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/january_2012_critical_patch_update" }, { "title": "CVE-2011-3192 Denial of Service vulnerability in Apache HTTP Server", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_denial_of1" }, { "title": "July 2012 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/july_2012_critical_patch_update" }, { "title": "cve_2011_3192_denial_of", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_denial_of" }, { "title": "USN-1199-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/USN-1199-1/" }, { "title": "interstage_as_201102", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201102.html" }, { "title": "cisco-sa-20110830-apache", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/JP/110/1108/1108502_cisco-sa-20110830-apache-j.html" }, { "title": "HS11-021", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-021/index.html" }, { "title": "HS11-022", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-022/index.html" }, { "title": "HS11-019", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-019/index.html" }, { "title": "HS11-020", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-020/index.html" }, { "title": "VU#405811", "trust": 0.8, "url": 
"http://software.fujitsu.com/jp/security/vulnerabilities/vu405811.html" }, { "title": "Ubuntu Security Notice: apache2 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1199-1" }, { "title": "Cisco: Apache HTTPd Range Header Denial of Service Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20110830-apache" }, { "title": "Debian Security Advisories: DSA-2298-2 apache2 -- denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7227b6751a2a5332a53278f1881d559f" }, { "title": "Amazon Linux AMI: ALAS-2011-001", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-001" }, { "title": "Red Hat: Moderate: httpd security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120542 - Security Advisory" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2011-3192 " }, { "title": "MNCanyon", "trust": 0.1, "url": "https://github.com/MNCanyon/MNCanyon " }, { "title": "haproxy-ddos", "trust": 0.1, "url": "https://github.com/analytically/haproxy-ddos " }, { "title": "DDoS-Script", "trust": 0.1, "url": "https://github.com/Encapsulate/DDoS-Script " }, { "title": "Mind_help", "trust": 0.1, "url": "https://github.com/MNCanyon/Mind_help " }, { "title": "DC-p0t", "trust": 0.1, "url": "https://github.com/5p1n6a11/DC-p0t " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3192" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "CWE-399", "trust": 0.8 } 
], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.apache.org/dist/httpd/announcement2.2.html" }, { "trust": 1.8, "url": "http://osvdb.org/74721" }, { "trust": 1.8, "url": "http://secunia.com/advisories/45606" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/49303" }, { "trust": 1.8, "url": "http://www.kb.cert.org/vuls/id/405811" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=131551295528105\u0026w=2" }, { "trust": 1.0, "url": "https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0" }, { "trust": 1.0, "url": "http://www.exploit-db.com/exploits/17696" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14824" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18827" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51714" }, { "trust": 1.0, "url": "http://www.gossamer-threads.com/lists/apache/dev/401638" }, { "trust": 1.0, "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/45937" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1329.html" }, { "trust": 1.0, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1245.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2" }, { "trust": 1.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732928" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133477473521382\u0026w=2" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46000" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1330.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=131731002122529\u0026w=2" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46125" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14762" }, { "trust": 1.0, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b90d73.shtml" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://seclists.org/fulldisclosure/2011/aug/175" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69396" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html" }, { "trust": 1.0, "url": "http://securitytracker.com/id?1025960" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46126" }, { 
"trust": 1.0, "url": "http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3ccaapsnn2po-d-c4nqt_tes2rrwizr7urefhtkpwbc1b+k1dqc7g%40mail.gmail.com%3e" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1294.html" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1369.html" }, { "trust": 1.0, "url": "http://blogs.oracle.com/security/entry/security_alert_for_cve_2011" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1300.html" }, { "trust": 1.0, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:130" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=132033751509019\u0026w=2" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" }, { "trust": 1.0, "url": 
"http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122d387dd%40minotaur.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html" }, { "trust": 1.0, "url": "http://support.apple.com/kb/ht5002" }, { "trust": 1.0, "url": "http://www.ubuntu.com/usn/usn-1199-1" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.9, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348f82@minotaur.apache.org%3e" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3192" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192" }, { "trust": 0.8, "url": "http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html" }, { "trust": 0.8, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122d387dd@minotaur.apache.org%3e" }, { "trust": 0.8, "url": "http://www.apache.org/dist/httpd/changes_2.2.20" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110831-apache.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2011/at110023.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu405811" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2011-05" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3192" }, { "trust": 0.8, "url": "http://www.securitytracker.com/id?1025960" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0419" }, { "trust": 0.4, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.3, "url": "https://www.hp.com/go/swa" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3348" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3192.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/blog/242" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45865" }, { "trust": 0.1, "url": "http://secunia.com/advisories/45865/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/./vuls/hs11-019/index.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/45865/#comments" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1369.html" }, { "trust": 0.1, "url": "https://ftp.usa.hp.com/hprc" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1294.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1928" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://ftp.usa.hp.com/hprc/home" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3348" }, { "trust": 0.1, "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51878" } ], "sources": [ { "db": "CERT/CC", "id": "VU#405811" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "PACKETSTORM", "id": "104804" }, { "db": "PACKETSTORM", "id": "105792" }, { "db": "PACKETSTORM", "id": "105422" }, { "db": "PACKETSTORM", "id": "105120" }, { "db": "PACKETSTORM", "id": "104836" }, { "db": "PACKETSTORM", "id": "117251" }, { "db": "PACKETSTORM", "id": "104969" }, { "db": "PACKETSTORM", "id": "105184" }, { "db": "PACKETSTORM", "id": "106788" }, { "db": "PACKETSTORM", "id": "106557" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#405811" }, { "db": "VULMON", "id": "CVE-2011-3192" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "PACKETSTORM", "id": "104804" }, { "db": "PACKETSTORM", "id": "105792" }, { "db": "PACKETSTORM", "id": "105422" }, { "db": "PACKETSTORM", "id": "105120" }, { "db": "PACKETSTORM", "id": "104836" }, { "db": "PACKETSTORM", "id": "117251" }, { "db": "PACKETSTORM", "id": "104969" }, { "db": 
"PACKETSTORM", "id": "105184" }, { "db": "PACKETSTORM", "id": "106788" }, { "db": "PACKETSTORM", "id": "106557" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-08-26T00:00:00", "db": "CERT/CC", "id": "VU#405811" }, { "date": "2011-08-29T00:00:00", "db": "VULMON", "id": "CVE-2011-3192" }, { "date": "2011-09-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "date": "2011-09-06T04:48:58", "db": "PACKETSTORM", "id": "104804" }, { "date": "2011-10-14T05:53:11", "db": "PACKETSTORM", "id": "105792" }, { "date": "2011-09-29T18:05:00", "db": "PACKETSTORM", "id": "105422" }, { "date": "2011-09-14T22:52:49", "db": "PACKETSTORM", "id": "105120" }, { "date": "2011-09-07T00:26:51", "db": "PACKETSTORM", "id": "104836" }, { "date": "2012-10-10T02:28:54", "db": "PACKETSTORM", "id": "117251" }, { "date": "2011-09-10T01:00:13", "db": "PACKETSTORM", "id": "104969" }, { "date": "2011-09-17T19:02:19", "db": "PACKETSTORM", "id": "105184" }, { "date": "2011-11-09T16:26:04", "db": "PACKETSTORM", "id": "106788" }, { "date": "2011-11-03T22:08:17", "db": "PACKETSTORM", "id": "106557" }, { "date": "2011-08-29T15:55:02.017000", "db": "NVD", "id": "CVE-2011-3192" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-09-19T00:00:00", "db": "CERT/CC", "id": "VU#405811" }, { "date": "2022-09-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3192" }, { "date": "2017-07-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "date": "2024-11-21T01:29:56.747000", "db": "NVD", "id": "CVE-2011-3192" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", 
"sources": [ { "db": "PACKETSTORM", "id": "105792" }, { "db": "PACKETSTORM", "id": "105120" }, { "db": "PACKETSTORM", "id": "105184" }, { "db": "PACKETSTORM", "id": "106788" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTPD 1.3/2.x Range header DoS vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#405811" } ], "trust": 0.8 } }
var-201201-0038
Vulnerability from variot
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Apache HTTP Server is prone to an information-disclosure vulnerability. The issue occurs in the default error response for status code 400. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. The vulnerability affects Apache HTTP Server versions 2.2.0 through 2.2.21. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd security update Advisory ID: RHSA-2012:0128-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0128.html Issue date: 2012-02-13 CVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 =====================================================================
- Summary:
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
It was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1391) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)
The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607)
A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031)
All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix 756483 - CVE-2011-4317 httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
ppc64: httpd-2.2.15-15.el6_2.1.ppc64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.ppc.rpm httpd-debuginfo-2.2.15-15.el6_2.1.ppc64.rpm httpd-devel-2.2.15-15.el6_2.1.ppc.rpm httpd-devel-2.2.15-15.el6_2.1.ppc64.rpm httpd-tools-2.2.15-15.el6_2.1.ppc64.rpm mod_ssl-2.2.15-15.el6_2.1.ppc64.rpm
s390x: httpd-2.2.15-15.el6_2.1.s390x.rpm httpd-debuginfo-2.2.15-15.el6_2.1.s390.rpm httpd-debuginfo-2.2.15-15.el6_2.1.s390x.rpm httpd-devel-2.2.15-15.el6_2.1.s390.rpm httpd-devel-2.2.15-15.el6_2.1.s390x.rpm httpd-tools-2.2.15-15.el6_2.1.s390x.rpm mod_ssl-2.2.15-15.el6_2.1.s390x.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3607.html https://www.redhat.com/security/data/cve/CVE-2011-3639.html https://www.redhat.com/security/data/cve/CVE-2011-4317.html https://www.redhat.com/security/data/cve/CVE-2012-0031.html https://www.redhat.com/security/data/cve/CVE-2012-0053.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-1391.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPOXUIXlSAg2UNWIIRAg4AAJ9vTPttyKrbHbaSV7xCAzG89ytZgACfTSq+ HOLS5+cKusdo+jUiYKIV4mw= =fM2U -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Please review the CVE identifiers referenced below for details.
Impact
A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways.
A local attacker could gain escalated privileges.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTP Server users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1"
References
[ 1 ] CVE-2010-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408 [ 2 ] CVE-2010-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434 [ 3 ] CVE-2010-1452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452 [ 4 ] CVE-2010-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791 [ 5 ] CVE-2011-3192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192 [ 6 ] CVE-2011-3348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348 [ 7 ] CVE-2011-3368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368 [ 8 ] CVE-2011-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607 [ 9 ] CVE-2011-4317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317 [ 10 ] CVE-2012-0021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021 [ 11 ] CVE-2012-0031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031 [ 12 ] CVE-2012-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053 [ 13 ] CVE-2012-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-25.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . HP System Management Homepage (SMH) before v7.1.1 running on Linux, Windows and VMware ESX.
It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. (CVE-2011-3368)
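It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3607) [Note: this identifier appears to have been attached to the wrong paragraph when the advisory text was condensed. Elsewhere on this page CVE-2011-3607 is the integer overflow in httpd's regular-expression substitution (ap_pregsub); the mod_proxy_ajp back-end denial of service is tracked as CVE-2011-3348.]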
A NULL pointer dereference flaw was found in the httpd mod_log_config module.
This update also fixes the following bug:
- The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update introduced a regression in the way httpd handled certain Range HTTP header values. This update corrects this regression. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files).
Release Date: 2012-04-18 Last Updated: 2012-04-18
Potential Security Impact: Remote Denial of Service (DoS), local increase of privilege
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain a local increase of privilege.
References: CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.22 or earlier HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.34 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerability. HP-UX Software Assistant analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.15.12 or subsequent
HP-UX B.11.11
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.64.03 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 18 April 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ----------------------------------------------------------------------
TITLE: Hitachi Multiple Products Apache HTTP Server "httpOnly" Cookie Disclosure Vulnerability
SECUNIA ADVISORY ID: SA51626
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51626/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51626
RELEASE DATE: 2012-12-26
DISCUSS ADVISORY: http://secunia.com/advisories/51626/#comments
DESCRIPTION: Hitachi has acknowledged a vulnerability in multiple products, which can be exploited by malicious people to disclose potentially sensitive information.
For more information see vulnerability #1 in: SA47779
Please see the vendor's advisory for a list of affected products.
ORIGINAL ADVISORY: Hitachi (HS12-033): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2012:012 http://www.mandriva.com/security/
Package : apache Date : February 2, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0
Problem Description:
Multiple vulnerabilities have been found and corrected in apache (ASF HTTPD):
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value (CVE-2012-0021).
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function (CVE-2012-0031).
The updated packages have been upgraded to the latest 2.2.22 version which is not vulnerable to this issue.
Additionally, APR and APR-UTIL have been upgraded to the latest versions, 1.4.5 and 1.4.1 respectively, which hold many improvements over the previous versions. The verification of md5 checksums and GPG signatures is performed automatically for you.
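All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing the command below. It names the key only by its short 32-bit ID, which is not collision-resistant, so check the imported key's full fingerprint against a trusted source before trusting signatures made with it: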
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFPKoIMmqjQ0CJFipgRApUPAKDybXSBuVY2HxRpnqQnFpCmVw9TjACgjD7S qoOiBUIAc3k8YDXisM5t9Gc= =3aR8 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0038", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "web server", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "02-03" }, { "model": "web server 02-04-/a", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": "eq", "trust": 1.2, "vendor": 
"hitachi", "version": "02-01" }, { "model": "web server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "02-02" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.0.65" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "jboss enterprise web server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.2" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.22" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "5.0" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "storage", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.4" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "web server 01-02-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "web server 01-02-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "web server 01-02-/c", "scope": null, 
"trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.2.x to 2.2.21" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.4" }, { "model": "sparc enterprise m3000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m4000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m5000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m8000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m9000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "1118" }, { "model": "hp system management homepage", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "v7.1.1 (linux" }, { "model": "hp system management homepage", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "windows and vmware esx)" }, { "model": "hp xp p9000", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "command view advanced edition suite" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", 
"version": null }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base version 6" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "device manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "global link manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "provisioning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "replication manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tiered storage manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tuning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "ucosminexus application server", "scope": "eq", 
"trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base(64)" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, 
"vendor": "hitachi", "version": "- messaging" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server express", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "web server linux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "04-00" }, { "model": "web server linux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "03-00" }, { "model": "web server 02-04-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-04" }, { "model": "web server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "01-02" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "03-00" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.21" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.14" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.18" }, { "model": "http server", "scope": "eq", 
"trust": 0.6, "vendor": "apache", "version": "2.2.15" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.20" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.13" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.17" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.16" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.19" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.49" }, { "model": "nsm3000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.35" }, { "model": "p9000 replication manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1-00" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.10" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "p9000 replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-00" }, { "model": "interstage studio 
standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.39" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "web server aix", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-02" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "xp p9000 command view advanced edition", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1-00" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": 
"2.0.43" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.55" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-01" }, { "model": "web server security enhancement 02-04-/b", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.17" }, { "model": "web server solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-01" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.21" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.20" }, { "model": "network and security manager software", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2-" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-03" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" 
}, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "xp p9000 command view advanced edition", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1-00" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-01(x64)" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jboss enterprise web server for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "51.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { 
"model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "web appliance", "scope": "ne", "trust": 0.3, "vendor": "sophos", "version": "3.7.9.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "8.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "web appliance", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "3.7.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.60" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.8" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": 
"f5", "version": "10.2.4" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.5" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-05" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.2" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "junos space 13.1r1.6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "apache", 
"scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.51" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "p9000 tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0.0-00" }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-02" }, { "model": "web server )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-03" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "nsm appliance generic offline for centos", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "51" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.50" }, { "model": "storwize unified", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.23" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "interstage 
application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.55" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-01" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.13" }, { "model": "web server 02-04-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.38" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.63" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": 
"apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.14" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.20" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-05" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.18" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "2.2.22-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10-09" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" 
}, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.15" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.9" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "onboard administrator", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.56" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-04" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": 
"5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.32" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.1.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.56" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.37" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "xp provisioning manager", 
"scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0.0-00" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-05" }, { "model": "web appliance", "scope": "ne", "trust": 0.3, "vendor": "sophos", "version": "3.8.1.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "storwize unified", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70001.40" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.3.1" }, { "model": "web server )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-04" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.44" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.19" }, { "model": "web server 01-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": 
"big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "9.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10-10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.64" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.0.65" }, { "model": "p9000 replication manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-00" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "p9000 replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0.0-00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.36" }, { "model": "web appliance", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "3.8.0" }, { "model": "aura session manager sp1", "scope": 
"eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-060" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "jboss enterprise web server for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "61.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.16" }, { "model": "xp provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0.0-00" }, { 
"model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.12" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-03(x64)" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "web server aix", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "eq", 
"trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "web server 02-04-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.5" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": 
"2.0.48" }, { "model": "web server solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "xp p9000 command view advanced edition", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.0-00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-01" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.40" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "interstage studio enterprise edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1.0" }, { "model": "linux 
ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.61" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "p9000 tiered storage manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1-00" }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "web appliance", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "3.8.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.58" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.54" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.42" }, { "model": "interstage application server enterprise 
edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.41" }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.57" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "interstage studio standard-j edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "51706" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "CNNVD", "id": "CNNVD-201201-403" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": 
"cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m3000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m4000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m5000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m8000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m9000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:xcp", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:system_management_homepage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:xp_p9000", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:device_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:global_link_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:provisioning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:replication_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:tiered_storage_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:tuning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server_express", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001258" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Norman Hippert", "sources": [ { "db": "BID", "id": "51706" } ], "trust": 0.3 }, "cve": "CVE-2012-0053", "cvss": { 
"@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2012-0053", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0053", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-0053", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201201-403", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2012-0053", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0053" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "CNNVD", "id": "CNNVD-201201-403" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows 
remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Apache HTTP Server is prone to an information-disclosure vulnerability. The issue occurs in the default error response for status code 400. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. \nThe vulnerability affects Apache HTTP Server versions 2.2.0 through 2.2.21. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd security update\nAdvisory ID: RHSA-2012:0128-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0128.html\nIssue date: 2012-02-13\nCVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 \n CVE-2012-0031 CVE-2012-0053 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\n\n3. \n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1391) did not completely address the problem. 
An attacker could\nbypass the fix and make a reverse proxy connect to an arbitrary server not\ndirectly accessible to the attacker by sending an HTTP version 0.9 request,\nor by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header. \nMalicious JavaScript running in the server\u0027s domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user. \n(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. \nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. 
Bugs fixed (http://bugzilla.redhat.com/):\n\n752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix\n756483 - CVE-2011-4317 httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix\n769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow\n773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling\n785069 - CVE-2012-0053 httpd: cookie exposure due to error responses\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-tools-2.2.15-15.el6_2.1.i686.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nmod_ssl-2.2.15-15.el6_2.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-tools-2.2.15-15.el6_2.1.i686.rpm\nmod_ssl-2.2.15-15.el6_2.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nppc64:\nhttpd-2.2.15-15.el6_2.1.ppc64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.ppc.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.ppc64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.ppc.rpm\nhttpd-devel-2.2.15-15.el6_2.1.ppc64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.ppc64.rpm\nmod_ssl-2.2.15-15.el6_2.1.ppc64.rpm\n\ns390x:\nhttpd-2.2.15-15.el6_2.1.s390x.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.s390.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.s390x.rpm\nhttpd-devel-2.2.15-15.el6_2.1.s390.rpm\nhttpd-devel-2.2.15-15.el6_2.1.s390x.rpm\nhttpd-tools-2.2.15-15.el6_2.1.s390x.rpm\nmod_ssl-2.2.15-15.el6_2.1.s390x.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-tools-2.2.15-15.el6_2.1.i686.rpm\nmod_ssl-2.2.15-15.el6_2.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3607.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3639.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4317.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0031.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0053.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://rhn.redhat.com/errata/RHSA-2011-1391.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPOXUIXlSAg2UNWIIRAg4AAJ9vTPttyKrbHbaSV7xCAzG89ytZgACfTSq+\nHOLS5+cKusdo+jUiYKIV4mw=\n=fM2U\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nPlease review the CVE identifiers referenced below for details. 
\n\nImpact\n======\n\nA remote attacker might obtain sensitive information, gain privileges,\nsend requests to unintended servers behind proxies, bypass certain\nsecurity restrictions, obtain the values of HTTPOnly cookies, or cause\na Denial of Service in various ways. \n\nA local attacker could gain escalated privileges. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache HTTP Server users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.22-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-0408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408\n[ 2 ] CVE-2010-0434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434\n[ 3 ] CVE-2010-1452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452\n[ 4 ] CVE-2010-2791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791\n[ 5 ] CVE-2011-3192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192\n[ 6 ] CVE-2011-3348\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348\n[ 7 ] CVE-2011-3368\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368\n[ 8 ] CVE-2011-3607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607\n[ 9 ] CVE-2011-4317\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317\n[ 10 ] CVE-2012-0021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021\n[ 11 ] CVE-2012-0031\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031\n[ 12 ] CVE-2012-0053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053\n[ 13 ] CVE-2012-0883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-25.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. 
Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux, Windows\nand VMware ESX. \n\nIt was discovered that the Apache HTTP Server did not properly validate the\nrequest URI for proxied requests. \n(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an \"Internal\nServer Error\" response when processing certain malformed HTTP requests,\nwhich caused the back-end server to be marked as failed in configurations\nwhere mod_proxy was used in load balancer mode. A remote attacker could\ncause mod_proxy to not send requests to back-end AJP (Apache JServ\nProtocol) servers for the retry timeout period or until all back-end\nservers were marked as failed. \n(CVE-2011-3607)\n\nA NULL pointer dereference flaw was found in the httpd mod_log_config\nmodule. \n\nThis update also fixes the following bug:\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update\nintroduced a regression in the way httpd handled certain Range HTTP header\nvalues. This update corrects this regression. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). 
\n\nRelease Date: 2012-04-18\nLast Updated: 2012-04-18\n\nPotential Security Impact: Remote Denial of Service (DoS), local increase of privilege\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain a local increase of privilege. \n\nReferences: CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.22 or earlier\nHP-UX B.11.11 running HP-UX Apache Web Server Suite v2.34 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6\nCVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerability. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. 
\n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\naction: install revision B.2.2.15.12 or subsequent\n\nHP-UX B.11.11\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.64.03 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 18 April 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. 
\n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 
----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Multiple Products Apache HTTP Server \"httpOnly\" Cookie\nDisclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA51626\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51626/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51626\n\nRELEASE DATE:\n2012-12-26\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51626/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51626/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51626\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged a vulnerability in multiple products, which\ncan be exploited by malicious people to disclose potentially\nsensitive information. \n\nFor more information see vulnerability #1 in:\nSA47779\n\nPlease see the vendor\u0027s advisory for a list of affected products. 
\n\nORIGINAL ADVISORY:\nHitachi (HS12-033):\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2012:012\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : apache\n Date : February 2, 2012\n Affected: 2010.1, 2011., Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in apache\n (ASF HTTPD):\n \n The log_cookie function in mod_log_config.c in the mod_log_config\n module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded\n MPM is used, does not properly handle a \\%{}C format string, which\n allows remote attackers to cause a denial of service (daemon crash)\n via a cookie that lacks both a name and a value (CVE-2012-0021). \n \n scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might\n allow local users to cause a denial of service (daemon crash during\n shutdown) or possibly have unspecified other impact by modifying\n a certain type field within a scoreboard shared memory segment,\n leading to an invalid call to the free function (CVE-2012-0031). \n \n The updated packages have been upgraded to the latest 2.2.22 version\n which is not vulnerable to this issue. \n \n Additionally APR and APR-UTIL has been upgraded to the latest versions\n 1.4.5 and 1.4.1 respectively which holds many improvments over the\n previous versions. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPKoIMmqjQ0CJFipgRApUPAKDybXSBuVY2HxRpnqQnFpCmVw9TjACgjD7S\nqoOiBUIAc3k8YDXisM5t9Gc=\n=3aR8\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0053" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "BID", "id": "51706" }, { "db": "VULMON", "id": "CVE-2012-0053" }, { "db": "PACKETSTORM", "id": "109731" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "112503" }, { "db": "PACKETSTORM", "id": "112059" }, { "db": "PACKETSTORM", "id": "119095" }, { "db": "PACKETSTORM", "id": "109387" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=18442", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0053" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0053", "trust": 3.4 }, { "db": "JUNIPER", "id": "JSA10585", "trust": 1.9 }, { 
"db": "BID", "id": "51706", "trust": 1.9 }, { "db": "SECUNIA", "id": "48551", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2012-001258", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201201-403", "trust": 0.6 }, { "db": "HITACHI", "id": "HS12-033", "trust": 0.4 }, { "db": "JUNIPER", "id": "JSA10642", "trust": 0.3 }, { "db": "SECUNIA", "id": "51626", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2012-0053", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109731", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114141", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121573", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112503", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112059", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "119095", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109387", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0053" }, { "db": "BID", "id": "51706" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "PACKETSTORM", "id": "109731" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "112503" }, { "db": "PACKETSTORM", "id": "112059" }, { "db": "PACKETSTORM", "id": "119095" }, { "db": "PACKETSTORM", "id": "109387" }, { "db": "CNNVD", "id": "CNNVD-201201-403" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "id": "VAR-201201-0038", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.33942824 }, "last_update_date": "2024-11-29T19:25:15.333000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 2.2.22-dev", "trust": 0.8, "url": 
"http://httpd.apache.org/security/vulnerabilities_22.html" }, { "title": "1235454", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454" }, { "title": "APPLE-SA-2012-09-19-2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "title": "HT5501", "trust": 0.8, "url": "http://support.apple.com/kb/HT5501" }, { "title": "HT5501", "trust": 0.8, "url": "http://support.apple.com/kb/HT5501?viewlocale=ja_JP" }, { "title": "HS12-033", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-033/index.html" }, { "title": "HS13-001", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-001/index.html" }, { "title": "HPSBST02848 SSRT101112", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03691745" }, { "title": "HPSBMU02786 SSRT100877", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "title": "openSUSE-SU-2012:0314", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "title": "Bug 785069", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "title": "RHSA-2012:0128", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html" }, { "title": "CVE-2012-0053 Information Disclosure vulnerability in Apache HTTP 
Server ", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0053_information_disclosure" }, { "title": "January 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update" }, { "title": "Multiple vulnerabilities in Apache HTTP Server 1.3", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http1" }, { "title": "JSA10585", "trust": 0.8, "url": "http://kb.juniper.net/JSA10585" }, { "title": "HS12-033", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html" }, { "title": "HS13-001", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-001/index.html" }, { "title": "Interstage HTTP Server: \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027(CVE-2012-0053)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201203.html" }, { "title": "httpd-2.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44298" }, { "title": "httpd_2.4.3-netware-bin", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44300" }, { "title": "httpd-2.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44299" }, { "title": "httpd-2.2.22-win32-src", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42509" }, { "title": "httpd-2.2.22", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42508" }, { "title": "httpd_2.2.22-netware", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42512" }, { "title": "httpd-2.2.22", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42507" }, { "title": "httpd-2.2.22-win32-x86-openssl-0.9.8t", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42511" }, { "title": "httpd-2.2.22-win32-x86-no_ssl", "trust": 0.6, "url": 
"http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42510" }, { "title": "Red Hat: Moderate: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120323 - Security Advisory" }, { "title": "Red Hat: Moderate: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120128 - Security Advisory" }, { "title": "Red Hat: Moderate: httpd security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120542 - Security Advisory" }, { "title": "Amazon Linux AMI: ALAS-2012-046", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-046" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1368-1" }, { "title": "xss_payloads", "trust": 0.1, "url": "https://github.com/nettitude/xss_payloads " }, { "title": "CVE20120053Demo", "trust": 0.1, "url": "https://github.com/jonathansp/CVE20120053Demo " }, { "title": "Apache-Vulns", "trust": 0.1, "url": "https://github.com/styx00/Apache-Vulns " }, { "title": "https://github.com/goddemondemongod/Sec-Interview", "trust": 0.1, "url": "https://github.com/goddemondemongod/Sec-Interview " } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0053" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "CNNVD", "id": "CNNVD-201201-403" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "references": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2012-0128.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2012-0543.html" }, { "trust": 1.6, "url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2" }, { "trust": 1.6, "url": "http://support.apple.com/kb/ht5501" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "trust": 1.6, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454" }, { "trust": 1.6, "url": "http://secunia.com/advisories/48551" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:012" }, { "trust": 1.6, "url": "http://rhn.redhat.com/errata/rhsa-2012-0542.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/51706" }, { "trust": 1.6, "url": "http://www.debian.org/security/2012/dsa-2405" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150" }, { "trust": 1.6, "url": 
"http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "trust": 1.6, "url": "http://kb.juniper.net/jsa10585" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0053" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu381963/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0053" }, { "trust": 0.6, "url": "http://support.avaya.com/css/p8/documents/100158872" }, { "trust": 0.6, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2012-0031" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3ccvs." 
}, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-033/index.html" }, { "trust": 0.3, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03691745" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10642\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201307.mbox/%3c20130710124920.2b8793ed.wrowe%40rowe-clan.net%3e" }, { "trust": 0.3, "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 0.3, "url": "https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigational" }, { "trust": 0.3, "url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_xrx12-009_v1.1.pdf" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10585" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157326" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301\u0026ac.admitted=1332965374461.876444892.492883150" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912" }, { "trust": 0.3, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201203e.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004302" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15273.html" 
}, { "trust": 0.3, "url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3607.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0053.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0031.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3348" }, { "trust": 0.2, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-4317.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3639" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3639.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1391.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2791" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3368" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0031" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192" }, { "trust": 
0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0408" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0408" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0053" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0883" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3348" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4317" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0021" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3607" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201206-25.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3192" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0434" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2791" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-ac3d1f80b8dd48b792bfc01a08" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821" }, { "trust": 0.1, "url": 
"https://www.redhat.com/security/data/cve/cve-2011-3368.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1330.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=1.0.2" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3348.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0021.html" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/try.do?productnumber=hpuxwsatw235" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxwsatw323" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://secunia.com/advisories/51626/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51626" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/blog/325/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/51626/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0021" }, { "trust": 0.1, "url": "http://www.apache.org/dist/apr/changes-apr-util-1.4" }, { "trust": 0.1, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0031" }, { "trust": 0.1, "url": "http://www.apache.org/dist/httpd/changes_2.2.22" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://www.apache.org/dist/apr/changes-apr-1.4" } ], "sources": [ { "db": "BID", "id": "51706" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "PACKETSTORM", "id": "109731" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "112503" }, { "db": "PACKETSTORM", "id": "112059" }, { "db": "PACKETSTORM", "id": "119095" }, { "db": "PACKETSTORM", "id": "109387" }, { "db": "CNNVD", "id": "CNNVD-201201-403" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2012-0053" }, { "db": "BID", "id": "51706" }, { "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "db": "PACKETSTORM", "id": "109731" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "112503" }, { "db": "PACKETSTORM", "id": "112059" }, { "db": "PACKETSTORM", "id": "119095" }, { "db": "PACKETSTORM", "id": "109387" }, { "db": "CNNVD", "id": "CNNVD-201201-403" }, { "db": "NVD", "id": "CVE-2012-0053" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-01-28T00:00:00", "db": "VULMON", "id": "CVE-2012-0053" }, { "date": "2012-01-23T00:00:00", "db": "BID", "id": "51706" }, { "date": "2012-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "date": "2012-02-13T22:08:05", "db": "PACKETSTORM", "id": "109731" }, { "date": "2012-06-24T23:54:52", "db": "PACKETSTORM", "id": "114141" }, { "date": "2013-05-09T14:44:00", "db": "PACKETSTORM", "id": "121573" }, { "date": "2012-05-07T20:02:40", "db": 
"PACKETSTORM", "id": "112503" }, { "date": "2012-04-21T00:19:01", "db": "PACKETSTORM", "id": "112059" }, { "date": "2012-12-27T07:16:59", "db": "PACKETSTORM", "id": "119095" }, { "date": "2012-02-03T02:14:27", "db": "PACKETSTORM", "id": "109387" }, { "date": "2012-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-403" }, { "date": "2012-01-28T04:05:00.797000", "db": "NVD", "id": "CVE-2012-0053" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2012-0053" }, { "date": "2015-04-13T21:30:00", "db": "BID", "id": "51706" }, { "date": "2015-01-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001258" }, { "date": "2022-09-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-403" }, { "date": "2024-11-21T01:34:17.753000", "db": "NVD", "id": "CVE-2012-0053" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "112503" }, { "db": "CNNVD", "id": "CNNVD-201201-403" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of protocol.c In HTTPOnly Cookie Vulnerability that gets the value of", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001258" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201201-403" } ], "trust": 0.6 } }
var-201112-0123
Vulnerability from variot
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Oracle Glassfish calculates the hash value of form parameters without restricting the ability to trigger hash collisions predictably, which results in a denial-of-service (CPU resource consumption) vulnerability. A third party can send a large number of crafted parameters to disrupt service operation (CPU resource consumption). Oracle GlassFish Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. Oracle GlassFish Server 3.1.1 and prior versions are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available and addresses the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3 Impact: Multiple vulnerabilities in Java 1.6.0_29 Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507
Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667
For OS X Lion systems The download file is named: JavaForOSX.dmg Its SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx VnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh 7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc Fo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA wjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd V7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU= =Pf96 -----END PGP SIGNATURE----- .
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools. ============================================================================ Ubuntu Security Notice USN-1373-2 March 01, 2012
openjdk-6b18 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple vulnerabilities in OpenJDK 6 for the ARM architecture have been fixed.
Software Description: - openjdk-6b18: Open Source Java implementation
Details:
USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. (CVE-2012-0497)
It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could use this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0507)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~11.04.1
Ubuntu 10.10: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.10.1
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.04.1
After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03350339
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03350339 Version: 1
HPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-05-30 Last Updated: 2012-05-29
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References: CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0504, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP JDK and JRE 7.0.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location
http://www.hp.com/go/java
HP-UX B.11.23, B.11.31 JDK and JRE v7.0.01 or subsequent
MANUAL ACTIONS: Yes - Update For Java v7.0.0, update to Java v7.0.01 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.01 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 30 May 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Fix in AtomicReferenceArray (CVE-2011-3571).
Multiple unspecified vulnerabilities allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2012-0498, CVE-2012-0499, CVE-2012-0500).
Issues with some KeyboardFocusManager method (CVE-2012-0502).
Issues with TimeZone class (CVE-2012-0503).
Enhance exception throwing mechanism in ObjectStreamClass (CVE-2012-0505).
Issues with some method in corba (CVE-2012-0506). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFPPnJ1mqjQ0CJFipgRAsShAJ9uLjzWi9Y8x/myvScmQfUPwRh8RACg22f9 NSDNWCT+JqEyYHUExPAwR58= =cwgS -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30
http://security.gentoo.org/
Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Background
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details.
Impact
An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"
All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:
# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"
All Sun Microsystems JDK/JRE 1.6 users are advised to upgrade to one of the newer Oracle packages, such as dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin, or to choose another alternative we provide, e.g. the IBM JDK/JRE or the open source IcedTea.
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.
References
[ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] 
CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 
] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 
] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-30.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
TITLE: Oracle Multiple Products Web Form Hash Collision Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA47819
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47819/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47819
RELEASE DATE: 2012-02-01
DISCUSS ADVISORY: http://secunia.com/advisories/47819/#comments
DESCRIPTION: A vulnerability has been reported in multiple Oracle products, which can be exploited by malicious people to cause a DoS (Denial of Service).
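The vulnerability is caused by an error within a hash generation function when hashing form posts and updating a hash table. As the advisory title indicates, this is a hash collision issue: form parameters whose names hash to the same value collide in the table, so handling a single request can consume a disproportionate amount of CPU time.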
The vulnerability is reported in the following products: * Oracle Application Server 10g Release 3 version 10.1.3.5.0. * Oracle iPlanet Web Server 7.0. * Oracle iPlanet Web Server (formerly Oracle Java System Web Server) 6.1.
SOLUTION: Apply patch.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2012:0322-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0322.html Issue date: 2012-02-21 CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
- Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet, could use this flaw to crash the Java Virtual Machine (JVM) or bypass Java sandbox restrictions. (CVE-2012-0497)
It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505)
The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571)
It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503)
The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially-crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035)
The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet, could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563)
A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502)
It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506)
An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially-crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)
This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2011-3571.html https://www.redhat.com/security/data/cve/CVE-2011-5035.html https://www.redhat.com/security/data/cve/CVE-2012-0497.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPRBvTXlSAg2UNWIIRArkfAJ9B74k5cUjTIZGepTvbu+3kEcMpIgCgo2FR eIi8N5jfo4lIBLPu4EKFpVo= =ChsF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0123", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "glassfish server", "scope": "eq", "trust": 2.7, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 2.7, "vendor": "oracle", "version": "2.1.1" }, { "model": "glassfish server", "scope": "eq", "trust": 1.7, 
"vendor": "oracle", "version": "3.1.1" }, { "model": "communications server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "2.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "10.3.4" }, { "model": "weblogic server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "9.2.4" }, { "model": "weblogic server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "10.0.2" }, { "model": "glassfish server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "3.1.1" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": 
"sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": 
"1.6" }, { "model": "jre 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache tomcat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ruby", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "the php group", "version": null }, 
{ "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.3" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.3" }, { "model": "java system web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.1" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10g r3 (10.1.3.5.0)" }, { "model": "iplanet web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7.0" }, { "model": "jrockit", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "27.7.1" }, { "model": "jrockit", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "28.2.2" }, { "model": "sun java system application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.1" }, { "model": "sun java system application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.2" }, { "model": "weblogic server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11gr1 (10.3.3" }, { "model": "weblogic server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.3.5)" }, { "model": "weblogic server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "12cr1 (12.1.1)" }, { "model": "hp xp p9000 performance advisor software", "scope": "lte", "trust": 0.8, "vendor": "hewlett packard", "version": "5.4.1" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": 
"cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "hirdb for java /xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus 
application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "internet navigware server", "scope": null, "trust": 0.8, "vendor": 
"fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "none" }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "plus developer / apworks / studio" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage form coordinator workflow", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list works", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage shunsaku data manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage xml business activity recorder", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator cloud edition" }, { "model": "success server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker availability view", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop inspection", "scope": null, "trust": 0.8, "vendor": 
"fujitsu", "version": null }, { "model": "systemwalker it change manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it process master", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker operation manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker runbook automation", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.5.0" }, { "model": "jrockit r28.2.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java system web server sp9", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "processing kit for xml", "scope": "eq", 
"trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java ibm 64-bit sdk for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk and jre", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "aura session 
manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "java system web server sp7", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", 
"version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.10" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iplanet web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.2" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": 
"avaya", "version": "8.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system 
manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r28.1.4", "scope": null, 
"trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp5", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, 
"vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp8", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r27.7.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "java system 
web server sp10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "xp p9000 performance advisor", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5.5.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": 
"1.6.013" }, { "model": "java system web server sp2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "nonstop server 
h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "java ibm 31-bit sdk for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "meeting exchange", 
"scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "communication manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "call management system r", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "glassfish server ur1 po1", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.3" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, 
"vendor": "ubuntu", "version": "10.10" }, { "model": "weblogic server 11gr1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "iplanet webserver", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "linux enterprise sdk sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, 
"vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "java system web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "virtual desktop infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "glassfish server ur1", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational synergy", "scope": "ne", "trust": 0.3, "vendor": "ibm", 
"version": "7.2.0.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp3", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "application server 10g r3", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.1" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", 
"version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "xp p9000 performance advisor", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.4.1" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "jdk and jre", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0.1" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": 
null }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "call management system r", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, 
"vendor": "avaya", "version": "5.1.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "virtual desktop infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "conferencing standard edition", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop 
server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java system web server sp11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "java system web server sp1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": 
"nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "linux enterprise desktop sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational synergy", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", 
"version": null }, { "model": "java system web server sp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:java_system_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:application_server", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:oracle:communications_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:glassfish_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:iplanet_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:jrockit", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:java_system_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:weblogic_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:xp_9000_performance_advisor_software", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", 
"vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_works", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_shunsaku_data_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:success_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003567" } ] }, "credits": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alexander Klink, n.runs AG and Julian Wälde, Technische Universität Darmstadt", "sources": [ { "db": "CNNVD", "id": "CNNVD-201112-500" } ], "trust": 0.6 }, "cve": "CVE-2011-5035", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2011-5035", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-5035", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#903934", "trust": 0.8, "value": "10.80" }, { "author": "NVD", "id": "CVE-2011-5035", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201112-502", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-5035", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "JVNDB", "id": 
"JVNDB-2011-003567" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Oracle GlassFish computes hash values for form parameters without restricting predictable hash collisions, which results in a denial-of-service (CPU resource consumption) vulnerability. A third party can send a large number of crafted parameters and cause a denial of service (CPU resource consumption). Oracle GlassFish Server is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. \nOracle GlassFish Server 3.1.1 and prior versions are vulnerable. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-04-03-1 Java for OS X 2012-001 and\nJava for Mac OS X 10.6 Update 7\n\nJava for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now\navailable and addresses the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7.3, OS X Lion Server v10.7.3\nImpact: Multiple vulnerabilities in Java 1.6.0_29\nDescription: Multiple vulnerabilities exist in Java 1.6.0_29, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. Visiting a web page\ncontaining a maliciously crafted untrusted Java applet may lead to\narbitrary code execution with the privileges of the current user. \nThese issues are addressed by updating to Java version 1.6.0_31. \nFurther information is available via the Java website at http://www.o\nracle.com/technetwork/java/javase/releasenotes-136954.html\nCVE-ID\nCVE-2011-3563\nCVE-2011-5035\nCVE-2012-0497\nCVE-2012-0498\nCVE-2012-0499\nCVE-2012-0500\nCVE-2012-0501\nCVE-2012-0502\nCVE-2012-0503\nCVE-2012-0505\nCVE-2012-0506\nCVE-2012-0507\n\n\nJava for OS X 2012-001 and Java for Mac OS X 10.6 Update 7\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667\n\nFor OS X Lion systems\nThe download file is named: JavaForOSX.dmg\nIts SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - 
http://gpgtools.org\n\niQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx\nVnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh\n7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc\nFo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA\nwjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd\nV7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU=\n=Pf96\n-----END PGP SIGNATURE-----\n. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. ============================================================================\nUbuntu Security Notice USN-1373-2\nMarch 01, 2012\n\nopenjdk-6b18 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple vulnerabilities in OpenJDK 6 for the ARM architecture have\nbeen fixed. \n\nSoftware Description:\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nUSN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS,\nUbuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM\n(armel). This provides the corresponding OpenJDK 6 update for use\nwith the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. A remote attacker could\n cause a denial of service by sending special requests that trigger\n hash collisions predictably. This may be increased\n by adjusting the sun.net.httpserver.maxReqHeaders property. (CVE-2012-0497)\n \n It was discovered that an off-by-one error exists in the Java ZIP\n file processing code. An attacker could us this to cause a denial of\n service through a maliciously crafted ZIP file. 
(CVE-2012-0507)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.04:\n icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~11.04.1\n icedtea-6-jre-jamvm 6b18-1.8.13-0ubuntu1~11.04.1\n openjdk-6-jre 6b18-1.8.13-0ubuntu1~11.04.1\n openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~11.04.1\n openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.10.1\n openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.10.1\n openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.10.1\n openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.10.1\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.04.1\n openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.04.1\n openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.04.1\n openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.04.1\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03350339\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03350339\nVersion: 1\n\nHPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized\nAccess, Disclosure of Information, and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-05-30\nLast Updated: 2012-05-29\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. 
These\nvulnerabilities could allow remote unauthorized access, disclosure of\ninformation, and other vulnerabilities. \n\nReferences: CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498,\nCVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503,\nCVE-2012-0504, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP JDK and JRE 7.0.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-0507 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrade to resolve these\nvulnerabilities. \nThe upgrade is available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.23, B.11.31\n JDK and JRE v7.0.01 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v7.0.0, update to Java v7.0.01 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. 
It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJdk70.JDK70-COM\nJdk70.JDK70-DEMO\nJdk70.JDK70-IPF32\nJdk70.JDK70-IPF64\nJre70.JRE70-COM\nJre70.JRE70-IPF32\nJre70.JRE70-IPF32-HS\nJre70.JRE70-IPF64\nJre70.JRE70-IPF64-HS\naction: install revision 1.7.0.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 30 May 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. 
\n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n \n Fix in AtomicReferenceArray (CVE-2011-3571). \n \n Multiple unspecified vulnerabilities allow remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors\n (CVE-2012-0498, CVE-2012-0499, CVE-2012-0500). \n \n Issues with some KeyboardFocusManager method (CVE-2012-0502). \n \n Issues with TimeZone class (CVE-2012-0503). \n \n Enhance exception throwing mechanism in ObjectStreamClass\n (CVE-2012-0505). \n \n Issues with some method in corba (CVE-2012-0506). The verification\n of md5 checksums and GPG signatures is performed automatically for you. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPPnJ1mqjQ0CJFipgRAsShAJ9uLjzWi9Y8x/myvScmQfUPwRh8RACg22f9\nNSDNWCT+JqEyYHUExPAwR58=\n=cwgS\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201401-30\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: January 27, 2014\n Bugs: #404071, #421073, #433094, #438706, #451206, #455174,\n #458444, #460360, #466212, #473830, #473980, #488210, #498148\n ID: 201401-30\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nBackground\n==========\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and\nthe Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)\nprovide the Oracle Java platform (formerly known as Sun Java Platform). 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jdk \u003c= 1.6.0.45 Vulnerable!\n 2 dev-java/oracle-jdk-bin \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n 3 dev-java/sun-jre-bin \u003c= 1.6.0.45 Vulnerable!\n 4 dev-java/oracle-jre-bin \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n 5 app-emulation/emul-linux-x86-java\n \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 5 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n======\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities\nto execute arbitrary code. \nFurthermore, a local or remote attacker could exploit these\nvulnerabilities to cause unspecified impact, possibly including remote\nexecution of arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jdk-bin-1.7.0.51\"\n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jre-bin-1.7.0.51\"\n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.7.0.51\"\n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one\nof the newer Oracle packages like dev-java/oracle-jdk-bin or\ndev-java/oracle-jre-bin or choose another alternative we provide; eg. \nthe IBM JDK/JRE or the open source IcedTea. \n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \n\nReferences\n==========\n\n[ 1 ] CVE-2011-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563\n[ 2 ] CVE-2011-5035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035\n[ 3 ] CVE-2012-0497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497\n[ 4 ] CVE-2012-0498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498\n[ 5 ] CVE-2012-0499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499\n[ 6 ] CVE-2012-0500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500\n[ 7 ] CVE-2012-0501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501\n[ 8 ] CVE-2012-0502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502\n[ 9 ] CVE-2012-0503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503\n[ 10 ] CVE-2012-0504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504\n[ 11 ] CVE-2012-0505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505\n[ 12 ] CVE-2012-0506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506\n[ 13 ] CVE-2012-0507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507\n[ 14 ] CVE-2012-0547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547\n[ 15 ] CVE-2012-1531\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531\n[ 16 ] CVE-2012-1532\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532\n[ 17 ] CVE-2012-1533\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533\n[ 18 ] CVE-2012-1541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541\n[ 19 ] CVE-2012-1682\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682\n[ 20 ] CVE-2012-1711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711\n[ 21 ] CVE-2012-1713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713\n[ 22 ] CVE-2012-1716\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716\n[ 23 ] CVE-2012-1717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717\n[ 24 ] CVE-2012-1718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718\n[ 25 ] CVE-2012-1719\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719\n[ 26 ] CVE-2012-1721\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721\n[ 27 ] CVE-2012-1722\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722\n[ 28 ] CVE-2012-1723\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723\n[ 29 ] CVE-2012-1724\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724\n[ 30 ] CVE-2012-1725\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725\n[ 31 ] CVE-2012-1726\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726\n[ 32 ] CVE-2012-3136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136\n[ 33 ] CVE-2012-3143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143\n[ 34 ] CVE-2012-3159\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159\n[ 35 ] CVE-2012-3174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174\n[ 36 ] CVE-2012-3213\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213\n[ 37 ] CVE-2012-3216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216\n[ 38 ] CVE-2012-3342\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342\n[ 39 ] CVE-2012-4416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416\n[ 40 ] CVE-2012-4681\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681\n[ 41 ] CVE-2012-5067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067\n[ 42 ] CVE-2012-5068\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068\n[ 43 ] CVE-2012-5069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069\n[ 44 ] CVE-2012-5070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070\n[ 45 ] CVE-2012-5071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071\n[ 46 ] CVE-2012-5072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072\n[ 47 ] CVE-2012-5073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073\n[ 48 ] CVE-2012-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074\n[ 49 ] CVE-2012-5075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075\n[ 50 ] CVE-2012-5076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076\n[ 51 ] CVE-2012-5077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077\n[ 52 ] CVE-2012-5079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079\n[ 53 ] CVE-2012-5081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081\n[ 54 ] CVE-2012-5083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083\n[ 55 ] CVE-2012-5084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084\n[ 56 ] CVE-2012-5085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085\n[ 57 ] CVE-2012-5086\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086\n[ 58 ] CVE-2012-5087\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087\n[ 59 ] CVE-2012-5088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088\n[ 60 ] CVE-2012-5089\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089\n[ 61 ] CVE-2013-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169\n[ 62 ] CVE-2013-0351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351\n[ 63 ] CVE-2013-0401\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401\n[ 64 ] CVE-2013-0402\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402\n[ 65 ] CVE-2013-0409\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409\n[ 66 ] CVE-2013-0419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419\n[ 67 ] CVE-2013-0422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422\n[ 68 ] CVE-2013-0423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423\n[ 69 ] CVE-2013-0430\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430\n[ 70 ] CVE-2013-0437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437\n[ 71 ] CVE-2013-0438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438\n[ 72 ] CVE-2013-0445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445\n[ 73 ] CVE-2013-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446\n[ 74 ] CVE-2013-0448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448\n[ 75 ] CVE-2013-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449\n[ 76 ] CVE-2013-0809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809\n[ 77 ] CVE-2013-1473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473\n[ 78 ] CVE-2013-1479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479\n[ 79 ] CVE-2013-1481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481\n[ 80 ] CVE-2013-1484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484\n[ 81 ] CVE-2013-1485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485\n[ 82 ] CVE-2013-1486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486\n[ 83 ] CVE-2013-1487\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487\n[ 84 ] CVE-2013-1488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488\n[ 85 ] CVE-2013-1491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491\n[ 86 ] CVE-2013-1493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493\n[ 87 ] CVE-2013-1500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500\n[ 88 ] CVE-2013-1518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518\n[ 89 ] CVE-2013-1537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537\n[ 90 ] CVE-2013-1540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540\n[ 91 ] CVE-2013-1557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557\n[ 92 ] CVE-2013-1558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558\n[ 93 ] CVE-2013-1561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561\n[ 94 ] CVE-2013-1563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563\n[ 95 ] CVE-2013-1564\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564\n[ 96 ] CVE-2013-1569\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569\n[ 97 ] CVE-2013-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571\n[ 98 ] CVE-2013-2383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383\n[ 99 ] CVE-2013-2384\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384\n[ 100 ] CVE-2013-2394\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394\n[ 101 ] CVE-2013-2400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400\n[ 102 ] CVE-2013-2407\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407\n[ 103 ] CVE-2013-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412\n[ 104 ] CVE-2013-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414\n[ 105 ] CVE-2013-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415\n[ 106 ] CVE-2013-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416\n[ 107 ] CVE-2013-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417\n[ 108 ] CVE-2013-2418\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418\n[ 109 ] CVE-2013-2419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419\n[ 110 ] CVE-2013-2420\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420\n[ 111 ] CVE-2013-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421\n[ 112 ] CVE-2013-2422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422\n[ 113 ] CVE-2013-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423\n[ 114 ] CVE-2013-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424\n[ 115 ] CVE-2013-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425\n[ 116 ] CVE-2013-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426\n[ 117 ] CVE-2013-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427\n[ 118 ] CVE-2013-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428\n[ 119 ] CVE-2013-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429\n[ 120 ] CVE-2013-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430\n[ 121 ] CVE-2013-2431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431\n[ 122 ] CVE-2013-2432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432\n[ 
123 ] CVE-2013-2433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433\n[ 124 ] CVE-2013-2434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434\n[ 125 ] CVE-2013-2435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435\n[ 126 ] CVE-2013-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436\n[ 127 ] CVE-2013-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437\n[ 128 ] CVE-2013-2438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438\n[ 129 ] CVE-2013-2439\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439\n[ 130 ] CVE-2013-2440\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440\n[ 131 ] CVE-2013-2442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442\n[ 132 ] CVE-2013-2443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443\n[ 133 ] CVE-2013-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444\n[ 134 ] CVE-2013-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445\n[ 135 ] CVE-2013-2446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446\n[ 136 ] CVE-2013-2447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447\n[ 137 ] CVE-2013-2448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448\n[ 138 ] CVE-2013-2449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449\n[ 139 ] CVE-2013-2450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450\n[ 140 ] CVE-2013-2451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451\n[ 141 ] CVE-2013-2452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452\n[ 142 ] CVE-2013-2453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453\n[ 143 ] CVE-2013-2454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454\n[ 144 ] CVE-2013-2455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455\n[ 145 ] CVE-2013-2456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456\n[ 146 ] CVE-2013-2457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457\n[ 147 ] CVE-2013-2458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458\n[ 148 ] CVE-2013-2459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459\n[ 149 ] CVE-2013-2460\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460\n[ 150 ] CVE-2013-2461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461\n[ 151 ] CVE-2013-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462\n[ 152 ] CVE-2013-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463\n[ 153 ] CVE-2013-2464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464\n[ 154 ] CVE-2013-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465\n[ 155 ] CVE-2013-2466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466\n[ 156 ] CVE-2013-2467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467\n[ 157 ] CVE-2013-2468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468\n[ 158 ] CVE-2013-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469\n[ 159 ] CVE-2013-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470\n[ 160 ] CVE-2013-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471\n[ 161 ] CVE-2013-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472\n[ 162 ] CVE-2013-2473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473\n[ 163 ] CVE-2013-3743\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743\n[ 164 ] CVE-2013-3744\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744\n[ 165 ] CVE-2013-3829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829\n[ 166 ] CVE-2013-5772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772\n[ 167 ] CVE-2013-5774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774\n[ 168 ] CVE-2013-5775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775\n[ 169 ] CVE-2013-5776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776\n[ 170 ] CVE-2013-5777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777\n[ 171 ] CVE-2013-5778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778\n[ 172 ] CVE-2013-5780\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780\n[ 173 ] CVE-2013-5782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782\n[ 174 ] CVE-2013-5783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783\n[ 175 ] CVE-2013-5784\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784\n[ 176 ] CVE-2013-5787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787\n[ 177 ] CVE-2013-5788\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788\n[ 178 ] CVE-2013-5789\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789\n[ 179 ] CVE-2013-5790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790\n[ 180 ] CVE-2013-5797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797\n[ 181 ] CVE-2013-5800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800\n[ 182 ] CVE-2013-5801\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801\n[ 183 ] CVE-2013-5802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802\n[ 184 ] CVE-2013-5803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803\n[ 185 ] CVE-2013-5804\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804\n[ 186 ] CVE-2013-5805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805\n[ 187 ] CVE-2013-5806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806\n[ 188 ] CVE-2013-5809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809\n[ 189 ] CVE-2013-5810\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810\n[ 190 ] CVE-2013-5812\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812\n[ 191 ] CVE-2013-5814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814\n[ 192 ] CVE-2013-5817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817\n[ 193 ] CVE-2013-5818\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818\n[ 194 ] CVE-2013-5819\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819\n[ 195 ] CVE-2013-5820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820\n[ 196 ] CVE-2013-5823\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823\n[ 197 ] CVE-2013-5824\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824\n[ 198 ] CVE-2013-5825\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825\n[ 199 ] CVE-2013-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829\n[ 200 ] CVE-2013-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830\n[ 201 ] CVE-2013-5831\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831\n[ 202 ] CVE-2013-5832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832\n[ 203 ] CVE-2013-5838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838\n[ 204 ] CVE-2013-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840\n[ 205 ] CVE-2013-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842\n[ 206 ] CVE-2013-5843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843\n[ 207 ] CVE-2013-5844\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844\n[ 208 ] CVE-2013-5846\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846\n[ 209 ] CVE-2013-5848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848\n[ 210 ] CVE-2013-5849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849\n[ 211 ] CVE-2013-5850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850\n[ 212 ] CVE-2013-5851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851\n[ 213 ] CVE-2013-5852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852\n[ 214 ] CVE-2013-5854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854\n[ 215 ] CVE-2013-5870\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870\n[ 216 ] CVE-2013-5878\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878\n[ 217 ] CVE-2013-5887\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887\n[ 218 ] CVE-2013-5888\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888\n[ 219 ] CVE-2013-5889\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889\n[ 220 ] CVE-2013-5893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893\n[ 221 ] CVE-2013-5895\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895\n[ 222 ] CVE-2013-5896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896\n[ 223 ] CVE-2013-5898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898\n[ 224 ] CVE-2013-5899\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899\n[ 225 ] CVE-2013-5902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902\n[ 226 ] CVE-2013-5904\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904\n[ 227 ] CVE-2013-5905\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905\n[ 228 ] CVE-2013-5906\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906\n[ 229 ] CVE-2013-5907\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907\n[ 230 ] CVE-2013-5910\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910\n[ 231 ] CVE-2014-0368\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368\n[ 232 ] CVE-2014-0373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373\n[ 233 ] CVE-2014-0375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375\n[ 234 ] CVE-2014-0376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376\n[ 235 ] CVE-2014-0382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382\n[ 236 ] CVE-2014-0385\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385\n[ 237 ] CVE-2014-0387\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387\n[ 238 ] CVE-2014-0403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403\n[ 239 ] CVE-2014-0408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408\n[ 240 ] CVE-2014-0410\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410\n[ 241 ] CVE-2014-0411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411\n[ 242 ] CVE-2014-0415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415\n[ 243 ] CVE-2014-0416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416\n[ 244 ] CVE-2014-0417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417\n[ 245 ] CVE-2014-0418\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418\n[ 246 ] CVE-2014-0422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422\n[ 247 ] CVE-2014-0423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423\n[ 248 ] CVE-2014-0424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424\n[ 249 ] CVE-2014-0428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201401-30.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of 
our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nOracle Multiple Products Web Form Hash Collision Denial of Service\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA47819\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47819/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819\n\nRELEASE DATE:\n2012-02-01\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47819/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47819/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in multiple Oracle products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). 
\n\nThe vulnerability is caused due to an error within a hash generation\nfunction when hashing form posts and updating a hash table. \n\nThe vulnerability is reported in the following products:\n* Oracle Application Server 10g Release 3 version 10.1.3.5.0. \n* Oracle iPlanet Web Server 7.0. \n* Oracle iPlanet Web Server (formerly Oracle Java System Web Server)\n6.1. \n\nSOLUTION:\nApply patch. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: java-1.6.0-openjdk security update\nAdvisory ID: RHSA-2012:0322-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0322.html\nIssue date: 2012-02-21\nCVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 \n CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 \n CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. Description:\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. \n\nIt was discovered that Java2D did not properly check graphics rendering\nobjects before passing them to the native renderer. Malicious input, or an\nuntrusted Java application or applet could use this flaw to crash the Java\nVirtual Machine (JVM), or bypass Java sandbox restrictions. 
(CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure did\nnot always contain a proper identification of the cause of the failure. An\nuntrusted Java application or applet could use this flaw to bypass Java\nsandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check if\nthe array was of the expected Object[] type. A malicious Java application\nor applet could use this flaw to bypass Java sandbox restrictions. \n(CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not restricted\nby the SecurityManager, allowing an untrusted Java application or applet to\nset a new default time zone, and hence bypass Java sandbox restrictions. \n(CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from HTTP\nrequests. A remote attacker could use this flaw to make an application\nusing HttpServer use an excessive amount of CPU time via a\nspecially-crafted request. This update introduces a header count limit\ncontrolled using the sun.net.httpserver.maxReqHeaders property. The default\nvalue is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries. \nMalicious input, or an untrusted Java application or applet could use this\nflaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion\nof its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an\nuntrusted Java application or applet to acquire keyboard focus and possibly\nsteal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker\nArchitecture) implementation in Java did not properly protect repository\nidentifiers on certain CORBA objects. This could have been used to modify\nimmutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the unpacker for\nZIP files. 
A specially-crafted ZIP archive could cause the Java Virtual\nMachine (JVM) to crash when opened. (CVE-2012-0501)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to\nthe NEWS file, linked to in the References, for further information. \n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)\n788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)\n788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)\n788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)\n789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)\n789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)\n789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)\n789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)\n789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 
5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3563.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3571.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5035.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0497.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0501.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0502.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0503.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0505.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0506.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttp://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPRBvTXlSAg2UNWIIRArkfAJ9B74k5cUjTIZGepTvbu+3kEcMpIgCgo2FR\neIi8N5jfo4lIBLPu4EKFpVo=\n=ChsF\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2011-5035" }, { "db": "CERT/CC", "id": "VU#903934" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "BID", "id": "51194" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111594" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "110365" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "109918" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "110035" } ], "trust": 3.6 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2012", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-5035" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-5035", "trust": 3.8 }, { "db": "CERT/CC", "id": "VU#903934", "trust": 3.3 }, { "db": "OCERT", "id": "OCERT-2011-003", "trust": 2.8 }, { "db": "SECUNIA", "id": "48589", "trust": 1.1 }, { "db": "SECUNIA", "id": "57126", "trust": 1.1 }, { "db": "SECUNIA", "id": "48073", "trust": 1.1 }, { "db": "SECUNIA", "id": "48074", "trust": 1.1 }, 
{ "db": "SECUNIA", "id": "48950", "trust": 1.1 }, { "db": "BID", "id": "51194", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-003567", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201112-500", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19347", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19290", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201112-502", "trust": 0.6 }, { "db": "HITACHI", "id": "HS12-007", "trust": 0.3 }, { "db": "SECUNIA", "id": "47819", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "2012", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2011-5035", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111594", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112144", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110365", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113170", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109918", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "124943", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109353", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110035", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111594" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "110365" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "109918" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "110035" }, { "db": "CNNVD", "id": "CNNVD-201112-500" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "id": "VAR-201112-0123", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.26205936 }, "last_update_date": "2024-11-27T21:02:28.039000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5228", "trust": 0.8, "url": "http://support.apple.com/kb/HT5228" }, { "title": "HT1338", "trust": 0.8, "url": "http://support.apple.com/kb/HT1338?viewlocale=ja_JP" }, { "title": "HT5228", "trust": 0.8, "url": "http://support.apple.com/kb/HT5228?viewlocale=ja_JP" }, { "title": "HS12-007", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-007/index.html" }, { "title": "HPSBST02955 SSRT101157", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04047415" }, { "title": "Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013verbose-1897756.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" }, { "title": "Oracle Security Alert for CVE-2011-5035", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html" }, { "title": "RHSA-2013:1455", "trust": 
0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "January 2012 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/january_2012_critical_patch_update" }, { "title": "January 2013 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2013_critical_patch_update" }, { "title": "interstage_as_201201", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201201.html" }, { "title": "HS12-007", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-007/index.html" }, { "title": "Red Hat: Important: java-1.6.0-openjdk security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120322 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-openjdk security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120135 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-sun security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120139 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120514 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1373-2" }, { "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1373-1" }, { "title": "Amazon Linux AMI: ALAS-2012-043", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-043" }, { "title": "Red Hat: 
Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/oracle-patches-88-vulnerabilities-including-some-allow-remote-exploits-without-authentication/76457/" }, { "title": "welivesecurity", "trust": 0.1, "url": "https://www.welivesecurity.com/2012/04/05/mac-flashback-trojan-java-update/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "trust": 2.8, "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/903934" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2012-0514.html" }, { "trust": 1.1, "url": "https://github.com/firefart/hashcollision-dos-poc/blob/master/hashtablepoc.py" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48589" }, { "trust": 1.1, "url": 
"http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48950" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2012/dsa-2420" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57126" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133364885411663\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133847939902305\u0026w=2" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16908" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48073" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48074" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5035" }, { "trust": 0.8, "url": "http://www.cs.rice.edu/~scrosby/hash/crosbywallach_usenixsec2003.pdf" }, { "trust": 0.8, "url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx" }, { "trust": 0.8, "url": "http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx" }, { "trust": 0.8, "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu903934" }, 
{ "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu514315/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5035" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0497" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502" }, { "trust": 0.7, "url": "http://www.securityfocus.com/bid/51194" }, { "trust": 0.7, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19347" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19290" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.5, "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0500" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498" }, { "trust": 0.4, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html" }, { "trust": 0.3, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03350339" }, { "trust": 0.3, "url": "http://www.oracle.com/us/products/middleware/application-server/oracle-glassfish-server/index.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm59971" }, { "trust": 0.3, "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1pm59978" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100159245" }, { "trust": 0.3, "url": "http://downloads.avaya.com/css/p8/documents/100160575" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100160941" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03254184\u0026ac.admitted=1332960372864.876444892.199480143" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03254184\u0026ac.admitted=1333452463922.876444892.492883150" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-007/index.html" }, { "trust": 0.2, "url": "http://www.ubuntu.com/usn/usn-1373-1" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422" }, { "trust": 0.2, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 
0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450" }, { "trust": 0.2, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805" }, { "trust": 0.2, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563" }, { "trust": 0.2, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797" }, { "trust": 0.2, "url": "http://security.gentoo.org/" }, { "trust": 0.2, 
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817" }, { "trust": 0.2, "url": "https://bugs.gentoo.org." }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0504" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3571" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0322" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1373-2/" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/2012/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=25553" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.6-0ubuntu1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.13-0ubuntu1~10.10.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.13-0ubuntu1~10.04.1" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://www.o" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422" }, { "trust": 0.1, 
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~10.10.1" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1373-2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~11.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~10.04.1" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0497" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0505" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0500" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3563" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0498" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0499" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0503" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0506" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0502" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0501" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0507" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5818" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1541" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5889" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0385" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2437" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0445" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3743" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5893" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3159" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3174" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5888" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0437" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1541" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0373" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1563" 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5789" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0504" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1682" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5899" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5801" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5832" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5848" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1533" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2400" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3143" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0438" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5810" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5905" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201401-30.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5904" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5831" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3744" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5854" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2394" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0498" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5777" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0499" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0409" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1532" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4681" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5083" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0375" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2439" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0376" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5824" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3342" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5776" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1531" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0417" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5819" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1722" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5895" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2466" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2418" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5788" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5887" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0418" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0410" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0368" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2425" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1722" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5902" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1533" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2438" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1721" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0382" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5812" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3213" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5846" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5775" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5787" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1531" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1481" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5844" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1711" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1532" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1491" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5910" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1487" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5907" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5896" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5843" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1682" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2467" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5079" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1721" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1479" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2464" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5878" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0408" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0402" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5838" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5088" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47819/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47819/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": 
"http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/news" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3571.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0322.html" } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111594" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "110365" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "109918" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "110035" }, { "db": "CNNVD", "id": "CNNVD-201112-500" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111594" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "110365" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "109918" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "110035" }, { "db": "CNNVD", "id": "CNNVD-201112-500" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-28T00:00:00", "db": "CERT/CC", "id": "VU#903934" }, { "date": "2011-12-30T00:00:00", "db": "VULMON", "id": "CVE-2011-5035" }, { "date": "2011-12-29T00:00:00", "db": "BID", "id": "51194" }, { "date": "2012-01-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "date": "2012-02-24T22:58:36", "db": "PACKETSTORM", "id": "110181" }, { "date": "2012-04-05T01:14:57", "db": "PACKETSTORM", "id": "111594" }, { "date": "2014-06-30T23:39:28", "db": "PACKETSTORM", "id": "127267" }, { "date": "2012-04-25T02:09:03", "db": "PACKETSTORM", "id": "112144" }, { "date": "2012-03-02T03:55:14", "db": "PACKETSTORM", "id": "110365" }, { "date": "2012-06-01T00:12:35", "db": "PACKETSTORM", "id": "113170" }, { "date": "2012-02-18T03:25:35", "db": "PACKETSTORM", "id": "109918" }, { "date": "2014-01-27T18:30:13", "db": "PACKETSTORM", "id": "124943" }, { "date": "2012-02-02T03:30:52", "db": "PACKETSTORM", "id": "109353" }, { "date": "2012-02-22T02:10:34", "db": "PACKETSTORM", "id": "110035" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-500" }, { "date": "2011-12-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-502" }, { "date": "2011-12-30T01:55:01.640000", "db": "NVD", "id": "CVE-2011-5035" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "CERT/CC", "id": "VU#903934" }, { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-5035" }, { "date": "2015-04-13T21:24:00", "db": "BID", "id": "51194" }, { "date": "2015-03-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "date": "2012-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-500" }, { "date": "2012-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-502" }, { "date": "2024-11-21T01:33:28.300000", "db": "NVD", "id": 
"CVE-2011-5035" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "CNNVD", "id": "CNNVD-201112-500" }, { "db": "CNNVD", "id": "CNNVD-201112-502" } ], "trust": 1.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hash table implementations vulnerable to algorithmic complexity attacks", "sources": [ { "db": "CERT/CC", "id": "VU#903934" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201112-502" } ], "trust": 0.6 } }
var-201404-0286
Vulnerability from variot
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Summary:
A minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description:
This release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse 7.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
- jackson-databind: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)
- struts2: ClassLoader manipulation via request parameters (CVE-2014-0112)
- jetty: HTTP request smuggling (CVE-2017-7657)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are available from the Fuse 7.3.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/
4. Bugs fixed (https://bugzilla.redhat.com/):
1091939 - CVE-2014-0112 struts2: ClassLoader manipulation via request parameters
1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
1595620 - CVE-2017-7657 jetty: HTTP request smuggling
5. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2014-0007
Synopsis: VMware product updates address security vulnerabilities in Apache Struts library
Issue date: 2014-06-24
Updated on: 2014-06-24 (Initial Advisory)
CVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112
1. Summary
VMware product updates address security vulnerabilities in Apache Struts library
2. Relevant releases
VMware vCenter Operations Management Suite prior to 5.8.2
3. Problem Description
a. The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-0050, CVE-2014-0094, and
CVE-2014-0112 to these issues.
CVE-2014-0112 may lead to remote code execution. This issue was
found to be only partially addressed in CVE-2014-0094.
CVE-2014-0050 may lead to a denial of service condition.
vCenter Operations Management Suite (vCOps) is affected by both
CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112
may lead to remote code execution without authentication.
vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not
by CVE-2014-0112.
Workaround
A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
article 2081470.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product   Product Version   Running on   Replace with / Apply Patch
==============   ===============   ==========   ==========================
vCOPS            5.8.x             any          vCOPS 5.8.2
vCOPS            5.7.x             any          patch pending *
vCO              5.5               any          patch pending
vCO              5.1               any          patch pending
vCO              4.2               any          patch pending
*Customers are advised to apply the workaround or update to vCOps
5.8.2.
4. Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Operations Management Suite 5.8.2
Downloads and Documentation: https://www.vmware.com/go/download-vcops
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
http://kb.vmware.com/kb/2081470
6. Change log
2014-06-24 VMSA-2014-0007 Initial security advisory in conjunction with the release of vCenter Operations Management Suite 5.8.2 on 2014-06-24.
7. Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15337)
Charset: utf-8

wj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM
CZ5+DYZAydCjMwVgtKqoo7Y=
=Vwu5
-----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0286", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "struts", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.3.16.2" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache struts", 
"version": null }, { "model": "struts", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.0.0 to 2.3.16.1" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 for x86(32bit)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 for x86_64(64bit)" }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business analytics modeling server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business process manager analytics" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "extreme transaction processing server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "mobile manager" }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage interaction manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", 
"version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "cloudmiddleset b set" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.8" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.7" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.4.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.16.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.4" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "software foundation 
struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": 
"software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" } ], "sources": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "BID", "id": "67064" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "CNNVD", "id": "CNNVD-201404-445" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:struts", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_interaction_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:triole", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-000045" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "152687" }, { "db": "CNNVD", "id": "CNNVD-201404-445" } ], "trust": 0.7 }, "cve": "CVE-2014-0112", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0112", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "availabilityRequirement": "NOT DEFINED", "baseScore": 7.5, "collateralDamagePotential": "LOW", "confidentialityImpact": "PARTIAL", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 6.9, "exploitability": "HIGH", "exploitabilityScore": 10.0, "id": "CVE-2014-0094", "impactScore": 6.4, "integrityImpact": "PARTIAL", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "OFFICIAL FIX", "reportConfidence": "CONFIRMED", "severity": "HIGH", "targetDistribution": "HIGH", "trust": 0.8, "userInteractionRequired": null, "vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2014-000045", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, 
"obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0112", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0094", "trust": 0.8, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2014-000045", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201404-445", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-0112", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "CNNVD", "id": "CNNVD-201404-445" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Summary:\n\nA minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. 
\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Description:\n\nThis release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse\n7.2, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* jackson-databind: A deserialization flaw was discovered in the\njackson-databind which could allow an unauthenticated user to perform code\nexecution by sending the maliciously crafted input to the readValue method\nof the ObjectMapper. (CVE-2017-7525)\n\n* struts2: ClassLoader manipulation via request parameters (CVE-2014-0112)\n\n* jetty: HTTP request smuggling (CVE-2017-7657)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.3.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091939 - CVE-2014-0112 struts2: ClassLoader manipulation via request parameters\n1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper\n1595620 - CVE-2017-7657 jetty: HTTP request smuggling\n\n5. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2014-0007\nSynopsis: VMware product updates address security vulnerabilities in \n Apache Struts library \nIssue date: 2014-06-24\nUpdated on: 2014-06-24 (Initial Advisory)\nCVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112\n- ------------------------------------------------------------------------\n\n1. Summary\n\n VMware product updates address security vulnerabilities in Apache \n Struts library\n\n2. Relevant releases\n\n VMware vCenter Operations Management Suite prior to 5.8.2\n\n3. Problem Description\n\n a. The Apache Struts library is updated to version 2.3.16.2 to \n address multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2014-0050, CVE-2014-0094, and\n CVE-2014-0112 to these issues. \n\n CVE-2014-0112 may lead to remote code execution. This issue was \n found to be only partially addressed in CVE-2014-0094. \n\n CVE-2014-0050 may lead to a denial of service condition. \n\n vCenter Operations Management Suite (vCOps) is affected by both \n CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112\n may lead to remote code execution without authentication. \n\n vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n by CVE-2014-0112. \n\n Workaround\n\n A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n article 2081470. \n\n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. 
\n\n VMware Product\tRunning\tReplace with/\n Product Version\ton\tApply Patch\n ============= =======\t=======\t=================\n vCOPS\t 5.8.x \tany \tvCOPS 5.8.2\n vCOPS 5.7.x any patch pending *\n\n vCO 5.5 any patch pending\n vCO 5.1 any patch pending\n vCO 4.2 any patch pending\n\n *Customers are advised to apply the workaround or update to vCOps\n5.8.2. \n\n4. Solution\n\n Please review the patch/release notes for your product and version \n and verify the checksum of your downloaded file. \n\n vCenter Operations Management Suite 5.8.2\n -----------------------------------------\n Downloads and Documentation:\n https://www.vmware.com/go/download-vcops\n \n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112\n\n http://kb.vmware.com/kb/2081470\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n 2014-06-24 VMSA-2014-0007\n Initial security advisory in conjunction with the release of vCenter\n Operations Management Suite 5.8.2 on 2014-06-24. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. 
All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.2 (Build 15337)\nCharset: utf-8\n\nwj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM\nCZ5+DYZAydCjMwVgtKqoo7Y=\n=Vwu5\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2014-0112" }, { "db": "CERT/CC", "id": "VU#719225" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "BID", "id": "67064" }, { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "PACKETSTORM", "id": "152687" }, { "db": "PACKETSTORM", "id": "127215" } ], "trust": 2.88 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.kb.cert.org/vuls/id/719225", "trust": 0.8, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142", "trust": 0.2, "type": "exploit" } ], "sources": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "VULMON", "id": "CVE-2014-0112" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0112", "trust": 3.0 }, { "db": "JVN", "id": "JVN19294237", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2014-000045", "trust": 2.5 }, { "db": "BID", "id": "67064", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "127215", "trust": 1.8 }, { "db": "SECUNIA", "id": "59500", "trust": 1.7 }, { "db": "SECUNIA", "id": "59178", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#719225", "trust": 1.6 }, { "db": "PACKETSTORM", "id": "152687", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1493", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201404-445", "trust": 0.6 }, { "db": "EXPLOITDB", "id": 
"33142", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0112", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "BID", "id": "67064" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "PACKETSTORM", "id": "152687" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201404-445" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "id": "VAR-201404-0286", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2024-11-23T20:43:10.110000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Announcements - 2013 24 April 2014 - Struts up to 2.3.16.1: Zero-Day Exploit Mitigation", "trust": 0.8, "url": "http://struts.apache.org/announce.html#a20140424" }, { "title": "Security Bulletins S2-020", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html" }, { "title": "Security Bulletins S2-021", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html" }, { "title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2", "trust": 0.8, "url": "http://struts.apache.org/download.cgi#struts23162" }, { "title": "struts-1.2.9-4jpp.8.AXS3 ", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=3678\u0026sType=\u0026sProduct=\u0026published=1" }, { "title": "Interstage Application Development Cycle Manager(ADM): Apache Struts vulnerable (CVE-2014-0094)", "trust": 0.8, "url": 
"http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_aplidevcyclemgr_201401.html" }, { "title": "CVE-2014-0094, CVE-2014-0114: Apache Struts vulnerable to ClassLoader manipulation", "trust": 0.8, "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve2014-0094-0114e.html" }, { "title": "Interstage Business Process Manager Analytics, Systemwalker Service Quality Coordinator: Vulnerability of allowing attackers to \"manipulate\" the ClassLoader (CVE-2014-0094). May 20th, 2014", "trust": 0.8, "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/interstage-bpma201401e.html" }, { "title": "Symfoware Server (Open Interface) : Security vulnerabilities of Struts (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html" }, { "title": "Interstage Interaction Manager: Struts1 vulnerability (CVE-2014-0094)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_im_201401.html" }, { "title": "Interstage Mobile Manager: Struts1 vulnerability (CVE-2014-0094)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_mm_201401.html" }, { "title": "FUJITSU Integrated System HA Database Ready: Struts2 vulnerabilities (CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html" }, { "title": "1680848", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848" }, { "title": "1681190", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190" }, { "title": "2081470", "trust": 0.8, "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=2081470" }, { "title": "NV15-001", "trust": 0.8, "url": 
"http://jpn.nec.com/security-info/secinfo/nv15-001.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Bug 1091939", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939" }, { "title": "Huawei-SA-20140707-01-Struts2", "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "Alert/Advisory: Multiple Vulnerabilities in Apache Struts on Trend Micro Products", "trust": 0.8, "url": "http://esupport.trendmicro.com/solution/ja-JP/1103321.aspx" }, { "title": "VMSA-2014-0007", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html" }, { "title": "Red Hat: Important: Red Hat Fuse 7.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190910 - Security Advisory" }, { "title": "Red Hat: CVE-2014-0112", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0112" }, { "title": "VMware Security Advisories: VMware product updates address security vulnerabilities in Apache Struts library", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=3f8f92a767d3e2773247be2d5077cbee" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "strutt-cve-2014-0114", "trust": 0.1, "url": 
"https://github.com/anob3it/strutt-cve-2014-0114 " }, { "title": "-maven-security-versions", "trust": 0.1, "url": "https://github.com/nagauker/-maven-security-versions " }, { "title": "maven-security-versions-Travis", "trust": 0.1, "url": "https://github.com/klee94/maven-security-versions-Travis " }, { "title": "maven-security-versions", "trust": 0.1, "url": "https://github.com/victims/maven-security-versions " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/tmpgit3000/victims " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/alexsh88/victims " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.0 }, { "problemtype": "CWE-DesignError", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://jvn.jp/en/jp/jvn19294237/index.html" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:0910" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/67064" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html" }, { "trust": 2.3, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html" }, { "trust": 1.7, "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000045" }, { "trust": 1.7, "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1091939" }, { "trust": 1.7, "url": "https://cwiki.apache.org/confluence/display/ww/s2-021" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59500" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59178" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112" }, { "trust": 0.8, "url": "http://struts.apache.org/announce.html#a20140424" }, { "trust": 0.8, "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/chinese-underground-creates-tool-exploiting-apache-struts-vulnerability/" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0094" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0112" }, { "trust": 0.8, "url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/" }, { "trust": 0.8, "url": "http://www.kb.cert.org/vuls/id/719225" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152687/red-hat-security-advisory-2019-0910-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/80006" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-0112" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 
0.1, "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/33142/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38390" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7657" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/html-single/release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7657" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.3.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050" }, { "trust": 0.1, "url": "https://twitter.com/vmwaresrc" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/lifecycle.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2081470" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2014-0094" }, { "trust": 0.1, "url": "https://www.vmware.com/go/download-vcops" } ], "sources": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "BID", "id": "67064" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "PACKETSTORM", "id": "152687" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201404-445" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "BID", "id": "67064" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "PACKETSTORM", "id": "152687" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201404-445" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-25T00:00:00", "db": "CERT/CC", "id": "VU#719225" }, { "date": "2014-04-29T00:00:00", "db": "VULMON", "id": "CVE-2014-0112" }, { "date": "2014-04-24T00:00:00", "db": "BID", "id": "67064" }, { "date": "2014-04-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "date": "2019-04-30T16:20:15", "db": "PACKETSTORM", "id": "152687" }, { "date": "2014-06-25T21:34:12", "db": "PACKETSTORM", "id": "127215" }, { "date": "2014-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-445" }, { "date": "2014-04-29T10:37:03.670000", "db": "NVD", "id": "CVE-2014-0112" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-24T00:00:00", "db": "CERT/CC", "id": "VU#719225" }, { "date": "2019-08-12T00:00:00", "db": "VULMON", "id": "CVE-2014-0112" }, { "date": "2015-04-16T18:14:00", "db": 
"BID", "id": "67064" }, { "date": "2015-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "date": "2019-08-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-445" }, { "date": "2024-11-21T02:01:23.690000", "db": "NVD", "id": "CVE-2014-0112" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-445" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Struts2 ClassLoader allows access to class properties via request parameters", "sources": [ { "db": "CERT/CC", "id": "VU#719225" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-445" } ], "trust": 0.6 } }
var-201005-0181
Vulnerability from variot
Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device. According to the developer, the impact of this vulnerability depends on the implementation of the web application. Fujitsu Interstage Application Server is an application platform that supports the construction and operation of business systems. A remote attacker can exploit the vulnerability to force invalid requests to be processed or to obtain sensitive information belonging to other users.
SOLUTION: Please see the vendor's advisory for a patch matrix.
The vendor recommends setting the distribution beginning time to five minutes or more on the load balancer.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Fujitsu: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201001e.html
OTHER REFERENCES: JVN: http://jvn.jp/en/jp/JVN90248889/index.html
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201005-0181", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "interstage application server", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.6, 
"vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "4.1" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "interstage application server", "version": "4.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "interstage application server", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "interstage application server", "version": "7.0" }, { "model": "interstage application server web-j edition l11", "scope": "lte", "trust": 0.6, "vendor": "fujitsu", "version": "\u003c=7.0" }, { "model": "interstage application server standard edition l11", "scope": "lte", "trust": 0.6, "vendor": "fujitsu", "version": "\u003c=7.0" }, { "model": "interstage application server plus developer l10", "scope": "lte", "trust": 0.6, "vendor": "fujitsu", "version": "\u003c=7.0" }, { "model": "interstage application server plus l11", "scope": "lte", "trust": 0.6, "vendor": "fujitsu", "version": "\u003c=7.0" }, { "model": "interstage application 
server enterprise edition l11", "scope": "lte", "trust": 0.6, "vendor": "fujitsu", "version": "\u003c=7.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "interstage application server", "version": "3.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "interstage application server", "version": "4.1" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "interstage application server", "version": "5.0.1" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "interstage application server", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "interstage application server", "version": "7.0.1" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.2" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.1" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1.1" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server web-j edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server web-j edition l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server web-j edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server web-j edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage 
application server web-j edition l10c", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server web-j edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server web-j edition l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server web-j edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1" }, { "model": "interstage application server web-j edition l20a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server web-j edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server web-j edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server web-j edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server web-j edition l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server web-j edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.1" }, { "model": "interstage application server web-j edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server web-j 
edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.1" }, { "model": "interstage application server web-j edition 3.0l10", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server web-j edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.2" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.1" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1.1" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server standard edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server standard edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server standard edition l10c", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard 
edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1" }, { "model": "interstage application server standard edition l20a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard edition l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.1" }, { "model": "interstage application server standard edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server standard edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.1" }, { "model": "interstage application server 
standard edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server standard edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server plus developer l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus developer l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.2" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server plus l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { 
"model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus l10c", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1" }, { "model": "interstage application server plus l20a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server plus l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server enterprise edition l11", "scope": "eq", "trust": 0.3, 
"vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server enterprise edition l10c", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1" }, { "model": "interstage application server enterprise edition l20a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server 
enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.1" }, { "model": "interstage application server enterprise edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server enterprise edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "4.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.1" }, { "model": "interstage application server enterprise edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server enterprise edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.0" } ], "sources": [ { "db": "IVD", "id": "5f166280-1fb9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2010-0882" }, { "db": "BID", "id": "40189" }, { "db": "JVNDB", "id": "JVNDB-2010-000018" }, { "db": "CNNVD", "id": "CNNVD-201005-254" }, { "db": "NVD", "id": "CVE-2010-1942" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:fujitsu:interstage_business_application_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-000018" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "40189" }, { "db": "CNNVD", "id": "CNNVD-201005-254" } ], "trust": 0.9 }, "cve": "CVE-2010-1942", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2010-1942", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 6.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2010-000018", "impactScore": null, "integrityImpact": "Partial", 
"obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "5f166280-1fb9-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2010-1942", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2010-000018", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201005-254", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "5f166280-1fb9-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2010-1942", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "5f166280-1fb9-11e6-abef-000c29c66e3d" }, { "db": "VULMON", "id": "CVE-2010-1942" }, { "db": "JVNDB", "id": "JVNDB-2010-000018" }, { "db": "CNNVD", "id": "CNNVD-201005-254" }, { "db": "NVD", "id": "CVE-2010-1942" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device. 
According to the developer, the impact of this vulnerability depends on the implementation of the web application. Fujitsu Interstage Application Server is an application platform that supports the construction and operation of business systems. A remote attacker can exploit the vulnerability to perform partial illegal requests or obtain sensitive information from other users. ----------------------------------------------------------------------\n\n\nLooking for a job?\n\n\nSecunia is hiring skilled researchers and talented developers. \n\nSOLUTION:\nPlease see the vendor\u0027s advisory for a patch matrix. \n\nThe vendor recommends setting the distribution beginning time to five\nminutes or more at the loading balancer. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nFujitsu:\nhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-201001e.html\n\nOTHER REFERENCES:\nJVN:\nhttp://jvn.jp/en/jp/JVN90248889/index.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2010-1942" }, { "db": "JVNDB", "id": "JVNDB-2010-000018" }, { "db": "CNVD", "id": "CNVD-2010-0882" }, { "db": "BID", "id": "40189" }, { "db": "IVD", "id": "5f166280-1fb9-11e6-abef-000c29c66e3d" }, { "db": "VULMON", "id": "CVE-2010-1942" }, { "db": "PACKETSTORM", "id": "89581" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "JVN", "id": "JVN90248889", "trust": 3.5 }, { "db": "BID", "id": "40189", "trust": 3.4 }, { "db": "NVD", "id": "CVE-2010-1942", "trust": 3.0 }, { "db": "SECUNIA", "id": "39803", "trust": 2.7 }, { "db": "OSVDB", "id": "64703", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2010-000018", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2010-1165", "trust": 2.4 }, { "db": "CNVD", "id": "CNVD-2010-0882", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201005-254", "trust": 0.8 }, { "db": "JVN", "id": "JVN#90248889", "trust": 0.6 }, { "db": "IVD", "id": "5F166280-1FB9-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VUPEN", "id": "2010/1165", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2010-1942", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "89581", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "5f166280-1fb9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2010-0882" }, { "db": "VULMON", "id": "CVE-2010-1942" }, { "db": "BID", "id": "40189" }, { "db": "JVNDB", "id": "JVNDB-2010-000018" }, { "db": "PACKETSTORM", "id": "89581" }, { "db": "CNNVD", "id": "CNNVD-201005-254" }, { "db": "NVD", "id": "CVE-2010-1942" } ] 
}, "id": "VAR-201005-0181", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "5f166280-1fb9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2010-0882" } ], "trust": 0.996489158 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "5f166280-1fb9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2010-0882" } ] }, "last_update_date": "2024-11-23T22:31:48.038000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "JVN#90248889", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-90248889.html" }, { "title": "Fujitsu Interstage Application Server Servlet Component Security Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/416" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0882" }, { "db": "JVNDB", "id": "JVNDB-2010-000018" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-1942" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } 
} }, "data": [ { "trust": 2.6, "url": "http://www.securityfocus.com/bid/40189" }, { "trust": 2.6, "url": "http://jvn.jp/en/jp/jvn90248889/index.html" }, { "trust": 2.5, "url": "http://secunia.com/advisories/39803" }, { "trust": 2.5, "url": "http://osvdb.org/64703" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/1165" }, { "trust": 2.1, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201001e.html" }, { "trust": 1.7, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-90248889.html" }, { "trust": 1.7, "url": "http://jvndb.jvn.jp/ja/contents/2010/jvndb-2010-000018.html" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58634" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1942" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1942" }, { "trust": 0.6, "url": "http://jvn.jp/jp/jvn90248889/index.htmlhttp" }, { "trust": 0.3, "url": "http://www.fujitsu.com/global/services/software/interstage/apserver/" }, { "trust": 0.3, "url": "http://jvn.jp/jp/jvn90248889/index.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/39803/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0882" }, { "db": "VULMON", "id": "CVE-2010-1942" }, { "db": "BID", "id": "40189" }, { "db": "JVNDB", "id": "JVNDB-2010-000018" }, { "db": "PACKETSTORM", "id": "89581" }, { "db": "CNNVD", "id": "CNNVD-201005-254" }, { "db": "NVD", "id": "CVE-2010-1942" } ] }, 
"sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "5f166280-1fb9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2010-0882" }, { "db": "VULMON", "id": "CVE-2010-1942" }, { "db": "BID", "id": "40189" }, { "db": "JVNDB", "id": "JVNDB-2010-000018" }, { "db": "PACKETSTORM", "id": "89581" }, { "db": "CNNVD", "id": "CNNVD-201005-254" }, { "db": "NVD", "id": "CVE-2010-1942" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-05-17T00:00:00", "db": "IVD", "id": "5f166280-1fb9-11e6-abef-000c29c66e3d" }, { "date": "2010-05-17T00:00:00", "db": "CNVD", "id": "CNVD-2010-0882" }, { "date": "2010-05-19T00:00:00", "db": "VULMON", "id": "CVE-2010-1942" }, { "date": "2010-05-17T00:00:00", "db": "BID", "id": "40189" }, { "date": "2010-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-000018" }, { "date": "2010-05-18T11:50:54", "db": "PACKETSTORM", "id": "89581" }, { "date": "2010-05-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201005-254" }, { "date": "2010-05-19T12:08:04.507000", "db": "NVD", "id": "CVE-2010-1942" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-05-17T00:00:00", "db": "CNVD", "id": "CNVD-2010-0882" }, { "date": "2017-08-17T00:00:00", "db": "VULMON", "id": "CVE-2010-1942" }, { "date": "2015-04-13T21:02:00", "db": "BID", "id": "40189" }, { "date": "2010-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-000018" }, { "date": "2010-05-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201005-254" }, { "date": "2024-11-21T01:15:31.287000", "db": "NVD", "id": "CVE-2010-1942" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201005-254" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fujitsu Interstage Application Server Servlet Component Security Vulnerability", "sources": [ { "db": "BID", "id": "40189" }, { "db": "CNNVD", "id": "CNNVD-201005-254" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201005-254" } ], "trust": 0.6 } }
var-200708-0612
Vulnerability from variot
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. The mod_proxy module of Apache HTTP Server contains a vulnerability in modules/proxy/proxy_util.c: when an invalid date header is processed, a read is performed beyond the end of the buffer, which can result in a denial-of-service (DoS) condition. When a specially crafted date header supplied by a third party is processed, the proxy server's cache processing may crash, disrupting service (DoS). The Apache mod_proxy module is prone to a denial-of-service vulnerability. A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM). =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3
Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2
Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1
Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)
It was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)
It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)
It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)
It was discovered that mod_status, when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)
It was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)
It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)
It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz
Size/MD5: 121305 10359a467847b63f8d6603081450fece
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc
Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb
Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 171402 3b7567107864cf36953e7911a4851738
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 172186 85a591ea061cbc727fc261b046781502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 94240 b80027348754c493312269f7410b38fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 285664 76f4879738a0a788414316581ac2010b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 144250 3cd8327429958569a306257da57e8be0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 786052 7bdddb451607eeb2abb9706641675397
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 215932 bee4a6e00371117203647fd3a311658a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 219800 aaf4968deba24912e4981f35a367a086
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 93282 1ae6def788c74750d79055784c0d8006
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 267832 96c149638daeb993250b18c9f4285abf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz
Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc
Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb
Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 145340 109c93408c5197be50960cce80c23b7c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209552 8a23207211e54b138d5a87c15c097908
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 171636 07616e459905bad152a8669c8f670436
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 222022 e37ef7d710800e568d838242d3129725
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 208354 0a571678c269d1da06787dac56567f1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212052 90754ccdcd95e652413426376078d223
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz
Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc
Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 971426 30db1106dfea5106da54d2287c02a380
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 403974 65a11cfaee921517445cf74ed04df701
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434308 2073137bb138dc52bbace666714f4e14
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 343774 880faca3543426734431c29de77c3048
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz
Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc
Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 278032 4f8270cff0a532bd059741b366047da9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 435354 f3557e1a87154424e9144cf672110e93
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8
. An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"
References
[ 1 ] CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 [ 2 ] CVE-2007-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862 [ 3 ] CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 [ 4 ] CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [ 5 ] CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 [ 6 ] CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01182588 Version: 1
HPSBUX02273 SSRT071476 rev. 1 - HP-UX running Apache, Remote Unauthorized Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-10 Last Updated: 2007-10-10
Potential Security Impact: Remote Unauthorized Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX Apache version 2.0.59. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2007-3847, CVE-2007-3304
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache 2.0.59.00
BACKGROUND
To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended action has been taken.
AFFECTED VERSIONS
For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision B.2.0.59.00.0 or subsequent restart Apache URL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com
For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01 hpuxwsAPACHE,revision=B.2.0.59.00
action: install revision B.2.0.59.00.0 or subsequent restart Apache URL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability.
OS Release Depot name MD5 Sum
B.11.11 (IPv4) HPUXWSA-B218-01-1111ipv4.depot eb3bb933baac0f05e1e0809ef1e84eb2
B.11.11 (IPv6) HPUXWSA-B218-01-1111ipv6.depot 540a56b155699336bcbfac0eaf87e3ce
B.11.23 PA-32 HPUXWSA-B218-01-1123-32.depot 2900a0cbea01b6905dc768680fbd5381
B.11.23 IA-64 HPUXWSA-B218-01-1123-64.depot 3be084d96e8a509692e37c71c0184014
B.11.31 PA-32 HPUXWSA-B218-01-1131-32.depot 861122eef70f1b53d68c5adafc64cdb5
B.11.31 IA-64 HPUXWSA-B218-01-1131-64.depot 8dc57222257fe27fb5994da16e91f9a4
The updates are available from: ftp://ssrt1476:ssrt1476@hprc.external.hp.com/ ftp://ssrt1476:ssrt1476@192.170.19.100/
MANUAL ACTIONS: Yes - Update Install Apache 2.0.59.00.0 or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 10 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux
TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRw4UMuAfOvwtKn1ZEQLDowCgnVZZuBkuV66atvv6mh6sxARqYYkAmQEy 7CP41v96ckMOtfU4yeG76pv2 =VMzd -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0010 Synopsis: VMware Hosted products update libpng and Apache HTTP Server Issue date: 2009-08-20 Updated on: 2009-08-20 (initial release of advisory) CVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863 CVE-2006-5752 CVE-2007-3304 CVE-2007-6388 CVE-2007-5000 CVE-2008-0005
- Summary
Updated VMware Hosted products address security issues in libpng and the Apache HTTP Server.
- Relevant releases
VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier
- Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any 6.5.3 build 185404 or later
Player 2.5.x any 2.5.3 build 185404 or later
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b. Apache HTTP Server updated to 2.0.63
The new version of ACE updates the Apache HTTP Server on Windows
hosts to version 2.0.63 which addresses multiple security issues
that existed in the previous versions of this server.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any not affected
Player 2.5.x any not affected
ACE 2.5.x Windows 2.5.3 build 185404 or later
ACE 2.5.x Linux update Apache on host system *
Server 2.x any not affected
Server 1.x any not affected
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host. Update the Apache HTTP Server on the host system to version
2.0.63 in order to remediate the vulnerabilities listed above.
- Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e
Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5
Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb
Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542
VMware Player 2.5.3
http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html
Player for Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e
Player for Linux (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b
Player for Linux - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974
Player for Linux - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4
VMware ACE 2.5.3
http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1
VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
- Change log
2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved. Likewise, a similar crash could occur on sites with a forward proxy configured if a user could be persuaded to visit a malicious site using the proxy (CVE-2007-3847). On sites where directory listings are used and the AddDefaultCharset directive was removed from the configuration, a cross-site-scripting attack could be possible against browsers that do not correctly derive the response character set according to the rules in RFC 2616 (CVE-2007-4465).
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Updated Packages:
Mandriva Linux 2007.0: 9bb73822e8ae92ba87aa8baa21d467d1 2007.0/i586/apache-base-2.2.3-1.2mdv2007.0.i586.rpm 1949631d7fc0f87c91ba5dd9e738e036 2007.0/i586/apache-devel-2.2.3-1.2mdv2007.0.i586.rpm 3fed692d7b2eefe64bdd5f557fb0d838 2007.0/i586/apache-htcacheclean-2.2.3-1.2mdv2007.0.i586.rpm 86b32442b40c9e8ee9ba4bc1def61157 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.i586.rpm a6ca98077bee65a270a7777f6a3f3b60 2007.0/i586/apache-mod_cache-2.2.3-1.2mdv2007.0.i586.rpm 3bf50ab09740de6e718dc38e5320a3f7 2007.0/i586/apache-mod_dav-2.2.3-1.2mdv2007.0.i586.rpm 11e3dde4beab554a1523261979852fee 2007.0/i586/apache-mod_dbd-2.2.3-1.2mdv2007.0.i586.rpm 993926a12a2b5192059961a8bcbf4e2c 2007.0/i586/apache-mod_deflate-2.2.3-1.2mdv2007.0.i586.rpm 8553d309d0b537732375fbf0ab6c3187 2007.0/i586/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.i586.rpm 83a1fce76091ea660989b5b310d545ab 2007.0/i586/apache-mod_file_cache-2.2.3-1.2mdv2007.0.i586.rpm c7799b98922ee0e2f5bd114a3b2f3816 2007.0/i586/apache-mod_ldap-2.2.3-1.2mdv2007.0.i586.rpm b3e79d78c26282b39322910be91cd410 2007.0/i586/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.i586.rpm 6c72e3c58cb10447304328c2f863651a 2007.0/i586/apache-mod_proxy-2.2.3-1.2mdv2007.0.i586.rpm a6d09de71a6b7bf7bb1cafc187777be7 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.i586.rpm 05eee18af88226fb76766a9b88d843a8 2007.0/i586/apache-mod_ssl-2.2.3-1.2mdv2007.0.i586.rpm c499609426acef2255940cab04a28b5c 2007.0/i586/apache-mod_userdir-2.2.3-1.2mdv2007.0.i586.rpm bcd0563b948d8958de5a8da12e5ecd85 2007.0/i586/apache-modules-2.2.3-1.2mdv2007.0.i586.rpm 5c4777a2db7fd28b233d1bcc1d570a70 2007.0/i586/apache-mpm-prefork-2.2.3-1.2mdv2007.0.i586.rpm fa38945281388cfd4d37d2f98187a0b0 2007.0/i586/apache-mpm-worker-2.2.3-1.2mdv2007.0.i586.rpm 30e14fac38a58a8ab4bf59a6ecb59f9a 2007.0/i586/apache-source-2.2.3-1.2mdv2007.0.i586.rpm 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 3301ff7aa05c7cb14eecfc82d1d7fe33 2007.0/x86_64/apache-base-2.2.3-1.2mdv2007.0.x86_64.rpm f0f6cc2cc841959558ab0222d975a9cc 2007.0/x86_64/apache-devel-2.2.3-1.2mdv2007.0.x86_64.rpm 7bf4dbf62cd08717fc3704798d0c839d 2007.0/x86_64/apache-htcacheclean-2.2.3-1.2mdv2007.0.x86_64.rpm ecb3772fac317f54303d1d67c2b1c7a2 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm c6cb91541e0f7a24b337da09ee7eb248 2007.0/x86_64/apache-mod_cache-2.2.3-1.2mdv2007.0.x86_64.rpm f39c5879ff62c5d8dcc41ae73d1ca0cd 2007.0/x86_64/apache-mod_dav-2.2.3-1.2mdv2007.0.x86_64.rpm 562dc2a4e6246fa7dde9986af40ec847 2007.0/x86_64/apache-mod_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm 7be58654d28b2fc0207c3e44370cd118 2007.0/x86_64/apache-mod_deflate-2.2.3-1.2mdv2007.0.x86_64.rpm 6e4314853613d0d9fdd048c8ee96a510 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.x86_64.rpm 5fd5dc78b84bb5579291d27f626cb660 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.2mdv2007.0.x86_64.rpm d5eecb080611220807820106c24b1e22 2007.0/x86_64/apache-mod_ldap-2.2.3-1.2mdv2007.0.x86_64.rpm bed61f6dcb6311d99fb97225a0b48849 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.x86_64.rpm f0d3bb15ba884824380ef1cf0bd129b8 2007.0/x86_64/apache-mod_proxy-2.2.3-1.2mdv2007.0.x86_64.rpm 8f8969581110089a51cf506b8566315e 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.x86_64.rpm 1a40d73c8fbbae8868f09ef947407dad 2007.0/x86_64/apache-mod_ssl-2.2.3-1.2mdv2007.0.x86_64.rpm 0cd432c837a9ba4795bda96b1d3cc98c 2007.0/x86_64/apache-mod_userdir-2.2.3-1.2mdv2007.0.x86_64.rpm f05d88bc8f9c163ca787c30e7bd84e52 2007.0/x86_64/apache-modules-2.2.3-1.2mdv2007.0.x86_64.rpm f5431063918c470fa1ccd6e23db4c70d 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.2mdv2007.0.x86_64.rpm 0db10b3a236c2f59a93eb2bc6ee6c35d 2007.0/x86_64/apache-mpm-worker-2.2.3-1.2mdv2007.0.x86_64.rpm 71f52e6e3afba9d1d923cc64291eb98f 2007.0/x86_64/apache-source-2.2.3-1.2mdv2007.0.x86_64.rpm 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.1: e443a21ce0b058aede2aaf82d12d22f7 2007.1/i586/apache-base-2.2.4-6.3mdv2007.1.i586.rpm 6d17234fb69995d52c012bb22f52bab3 2007.1/i586/apache-devel-2.2.4-6.3mdv2007.1.i586.rpm 6a44621592a2320b6d0e9549eceea6a9 2007.1/i586/apache-htcacheclean-2.2.4-6.3mdv2007.1.i586.rpm d0405211b42d562933cd2f802a4276bc 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.i586.rpm 3fd09fafa06eb4e08ad975f9972f28f8 2007.1/i586/apache-mod_cache-2.2.4-6.3mdv2007.1.i586.rpm d61498465662a9c4a7f77f2dcc9438a7 2007.1/i586/apache-mod_dav-2.2.4-6.3mdv2007.1.i586.rpm fbb6c3ccfd793a8f2b9889ed399d5aad 2007.1/i586/apache-mod_dbd-2.2.4-6.3mdv2007.1.i586.rpm 0e67be9eaacb5f8686acdd95d26b8b47 2007.1/i586/apache-mod_deflate-2.2.4-6.3mdv2007.1.i586.rpm f1a050f23e3bc518b8aecd3c6cd5fd91 2007.1/i586/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.i586.rpm d95079c4a7627fe47d529dbe99549023 2007.1/i586/apache-mod_file_cache-2.2.4-6.3mdv2007.1.i586.rpm b24dcaec7dc26c107ff0962d46c7b3a1 2007.1/i586/apache-mod_ldap-2.2.4-6.3mdv2007.1.i586.rpm 98e97b3bd11ca7939aef2bae47c2c497 2007.1/i586/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.i586.rpm bffefef1346635e79f04d0ae56169ab1 2007.1/i586/apache-mod_proxy-2.2.4-6.3mdv2007.1.i586.rpm 0c5881d9e76e9ae20470a954200465ae 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.i586.rpm 21f665113f11b4b88330b887254023f8 2007.1/i586/apache-mod_ssl-2.2.4-6.3mdv2007.1.i586.rpm 192801a60a254a58b57e2f1377ce42c4 2007.1/i586/apache-mod_userdir-2.2.4-6.3mdv2007.1.i586.rpm 51fc25858a4ee79d2fd2cfe460c90708 2007.1/i586/apache-modules-2.2.4-6.3mdv2007.1.i586.rpm d6256083a3df248847340d3c14ecb9ff 2007.1/i586/apache-mpm-event-2.2.4-6.3mdv2007.1.i586.rpm 1359ad128d2d7a24d9211cf7f0276e15 2007.1/i586/apache-mpm-itk-2.2.4-6.3mdv2007.1.i586.rpm d65ac7009e90022455c79debf48cdbdb 2007.1/i586/apache-mpm-prefork-2.2.4-6.3mdv2007.1.i586.rpm f1d8883b5e633cbb6e3832e7b3c4a4cb 2007.1/i586/apache-mpm-worker-2.2.4-6.3mdv2007.1.i586.rpm 947251a0ac81cb912bc4c900bb80e6e7 
2007.1/i586/apache-source-2.2.4-6.3mdv2007.1.i586.rpm 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 444c86d0a5711e30534400781c0cbcf1 2007.1/x86_64/apache-base-2.2.4-6.3mdv2007.1.x86_64.rpm 02514acbf20766b1486389ce4d3e1ed0 2007.1/x86_64/apache-devel-2.2.4-6.3mdv2007.1.x86_64.rpm f6f4126d5a414d7ca686395173aaa3b4 2007.1/x86_64/apache-htcacheclean-2.2.4-6.3mdv2007.1.x86_64.rpm 1a45be10e44347c913d6493a0d3ad25f 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm 5e6df108e6fb0083ffe96810f41bc9ea 2007.1/x86_64/apache-mod_cache-2.2.4-6.3mdv2007.1.x86_64.rpm 31877eb202cbc9cf0869a3d7bc51b47a 2007.1/x86_64/apache-mod_dav-2.2.4-6.3mdv2007.1.x86_64.rpm 33a4ce4f105fbed60b2cdfc73fd524c6 2007.1/x86_64/apache-mod_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm e093528141ed7cd178ae27743ed4ea69 2007.1/x86_64/apache-mod_deflate-2.2.4-6.3mdv2007.1.x86_64.rpm 697a3930734d4570db3aeadc0aac2032 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.x86_64.rpm c8a20e21d7b07363c8efc8b23078a5e8 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.3mdv2007.1.x86_64.rpm d42e4f3cc5ca6ac006d3e4bb7a750273 2007.1/x86_64/apache-mod_ldap-2.2.4-6.3mdv2007.1.x86_64.rpm e8fc195d18dbb431257dd816bdfa7845 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.x86_64.rpm ce7184cd8abf4aa7c98d47a64133c19f 2007.1/x86_64/apache-mod_proxy-2.2.4-6.3mdv2007.1.x86_64.rpm 98957b99a54cb32d6ba055d5f059b7ec 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.x86_64.rpm 17b824837cf63210790e6201154cb94a 2007.1/x86_64/apache-mod_ssl-2.2.4-6.3mdv2007.1.x86_64.rpm 5a2d9f93603eebdde04f8967a07b063d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.3mdv2007.1.x86_64.rpm 44f0ad99c93ae8905a2d32b799dc1520 2007.1/x86_64/apache-modules-2.2.4-6.3mdv2007.1.x86_64.rpm c5c469771e2f25683ddba3f694e28968 2007.1/x86_64/apache-mpm-event-2.2.4-6.3mdv2007.1.x86_64.rpm b691f2e760bdd30c797e46269842a437 2007.1/x86_64/apache-mpm-itk-2.2.4-6.3mdv2007.1.x86_64.rpm fa3551d06a7af5a31a040f90dd215a1d 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.3mdv2007.1.x86_64.rpm 8d2a09ba2b175cd36bbc0dc6dc4c18ea 
2007.1/x86_64/apache-mpm-worker-2.2.4-6.3mdv2007.1.x86_64.rpm 7037cb86ca137f40364749a0933b432c 2007.1/x86_64/apache-source-2.2.4-6.3mdv2007.1.x86_64.rpm 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm
Corporate 3.0: 5bbdb8ac0d8133c1b09d373cbe35f5ea corporate/3.0/i586/apache2-2.0.48-6.15.C30mdk.i586.rpm e14dfcec88913b5245d683502ff684d1 corporate/3.0/i586/apache2-common-2.0.48-6.15.C30mdk.i586.rpm 642b4136b2e2915db59801888b41d1e6 corporate/3.0/i586/apache2-devel-2.0.48-6.15.C30mdk.i586.rpm c8824d8aa09e4917f9b35b1c659b5181 corporate/3.0/i586/apache2-manual-2.0.48-6.15.C30mdk.i586.rpm 09af9e7945caec7163a12be1a14302ee corporate/3.0/i586/apache2-mod_cache-2.0.48-6.15.C30mdk.i586.rpm 374a782a9211ee321f31a4e716d6bb97 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.15.C30mdk.i586.rpm 88a31c94bc077aa0a91f000b839d4b69 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.15.C30mdk.i586.rpm 8e55a5d1949805b0a6a4f84d571ab4ff corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.i586.rpm 16b573b8a914ab130ac660cce8bddfdb corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.15.C30mdk.i586.rpm 68fdee10fc216a354849a6fc5d89e7cf corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.15.C30mdk.i586.rpm 9e75fe104df971a7a707efb0d6735288 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.i586.rpm 006f66a419a5f81085bc6fd74e4c1235 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.15.C30mdk.i586.rpm f0910407a4042202cec58ebdb74127d3 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.15.C30mdk.i586.rpm 43578ffa09c88aa636c6df329cebe81a corporate/3.0/i586/apache2-modules-2.0.48-6.15.C30mdk.i586.rpm c5c8b21b0bbc8e57f81baa317ccba3f3 corporate/3.0/i586/apache2-source-2.0.48-6.15.C30mdk.i586.rpm f38fcbb77b956304d63d36ad7b003b05 corporate/3.0/i586/libapr0-2.0.48-6.15.C30mdk.i586.rpm aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm
Corporate 3.0/X86_64: 52f3a65b7c0e82d517e66d4b176aa33e corporate/3.0/x86_64/apache2-2.0.48-6.15.C30mdk.x86_64.rpm b54119aca1142e9e9a848cbc18f2a5d0 corporate/3.0/x86_64/apache2-common-2.0.48-6.15.C30mdk.x86_64.rpm e5ac1fdacf86a8214105cc13d3c439aa corporate/3.0/x86_64/apache2-devel-2.0.48-6.15.C30mdk.x86_64.rpm 1bc73ab39962a806585f1c669b8c1f7e corporate/3.0/x86_64/apache2-manual-2.0.48-6.15.C30mdk.x86_64.rpm 87af39a3721856a710383cd51815fbaf corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.15.C30mdk.x86_64.rpm c03c3c1774c1baafaf44a4bb17ca74c6 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.15.C30mdk.x86_64.rpm 0ef802c1187c979d48db6ae4672fb21b corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.15.C30mdk.x86_64.rpm c7d6772332baffc85fd1472e018f5546 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.x86_64.rpm 45965308167632623ff93de397d4041d corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.15.C30mdk.x86_64.rpm 17e2a48cc23d7983351706745c7cd553 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.15.C30mdk.x86_64.rpm 5b047d484852dd9a2000028d8dcfb7e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.x86_64.rpm a5f32074ec310263bc03648b81d44173 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.15.C30mdk.x86_64.rpm 79c4a90fa0ab3bfa8dbe9b12daeff4cd corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.15.C30mdk.x86_64.rpm 15af8e5591d5ff99f5c157a0c01d4174 corporate/3.0/x86_64/apache2-modules-2.0.48-6.15.C30mdk.x86_64.rpm 462316c74fff690d2e98116ddf614d54 corporate/3.0/x86_64/apache2-source-2.0.48-6.15.C30mdk.x86_64.rpm 20553b85bf243e5986af1a3551549ed8 corporate/3.0/x86_64/lib64apr0-2.0.48-6.15.C30mdk.x86_64.rpm aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm
Corporate 4.0: 7d50fe1ac32dec6c4d57dd850950bdb1 corporate/4.0/i586/apache-base-2.2.3-1.2.20060mlcs4.i586.rpm 775785cf1a22f45a64d800fdfcc4a8bc corporate/4.0/i586/apache-devel-2.2.3-1.2.20060mlcs4.i586.rpm 79b64bb1793933f1c8b83e7eee2d4cfa corporate/4.0/i586/apache-htcacheclean-2.2.3-1.2.20060mlcs4.i586.rpm eac03081a34897376d542b7032dd03c2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.i586.rpm 2c223bb1645aadfba8e6d1d6a2c8756c corporate/4.0/i586/apache-mod_cache-2.2.3-1.2.20060mlcs4.i586.rpm e4c4c07473f9644fc146e2f4d9ce95c8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.2.20060mlcs4.i586.rpm 13f85bc068b14e497873c6028520580a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.2.20060mlcs4.i586.rpm aaa52a86e4a6d3e5322fa140edc5535a corporate/4.0/i586/apache-mod_deflate-2.2.3-1.2.20060mlcs4.i586.rpm 574e07826a89f78883f2cfb3ca224e8c corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.i586.rpm 451efb60480fd0680b6c4f955c46ccf4 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.i586.rpm 73fa350b85ea63a5b3f69d8d387474aa corporate/4.0/i586/apache-mod_ldap-2.2.3-1.2.20060mlcs4.i586.rpm d2364f995210cdbbe324df10d49bef98 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.i586.rpm 145b17e675a42bed7b3a8c5ee883cf45 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.2.20060mlcs4.i586.rpm 92b82835be476736295c15954f2a9eb6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.i586.rpm 0dd6c7df0e3ea475b6b2d50ef4aa5ac0 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.2.20060mlcs4.i586.rpm d579208689ec9a72a599bf3510bdf942 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.2.20060mlcs4.i586.rpm 6fd43dfcfc649c8bcd4692ba9ebeee07 corporate/4.0/i586/apache-modules-2.2.3-1.2.20060mlcs4.i586.rpm 9fbf1dde58f17e3f0f29a8c3f1e1b6b6 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.i586.rpm 72f26a52381b68a8bbc6e2fcc9c0ac8c corporate/4.0/i586/apache-mpm-worker-2.2.3-1.2.20060mlcs4.i586.rpm 99a935e7047a27043159b6555d3444c7 
corporate/4.0/i586/apache-source-2.2.3-1.2.20060mlcs4.i586.rpm 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 35a789ac173ed3cc0dda52270a194bad corporate/4.0/x86_64/apache-base-2.2.3-1.2.20060mlcs4.x86_64.rpm e9df753a94dfb136780651ac743e50eb corporate/4.0/x86_64/apache-devel-2.2.3-1.2.20060mlcs4.x86_64.rpm 3964c83541baaf5af0ccc828282a1954 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.2.20060mlcs4.x86_64.rpm 554ea610010d5f361bcc87d75d8d0f6f corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm 051c20e0f062d50a01c51ebad7dcb96d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 59a05bd258ba6b4729238885d2fc0273 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.2.20060mlcs4.x86_64.rpm ceb391b54796f3ea763b81c5085da16c corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm 307726e1c4dfcca90093c19e3d17f504 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.2.20060mlcs4.x86_64.rpm 1500f6520843c6604192e4a621d5b9f1 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm e0ac5eb68e21253d33928fa28f0acb25 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 21c68fdaf26b13ed2177bf458979df1e corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.2.20060mlcs4.x86_64.rpm 28ef0171caf2d11cca8fe4f0bf2473db corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 019893e83acbfb730f79a8eb364ea042 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.2.20060mlcs4.x86_64.rpm 202b1fc0dd2d9364530abbbb13f799b0 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.x86_64.rpm 5cd3084106482b3f01b41cd716c702b8 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.2.20060mlcs4.x86_64.rpm 6a18ec0935144ead6f037f41e852a892 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.2.20060mlcs4.x86_64.rpm 622bb60b53fb48aef1b5a7fc94be3298 corporate/4.0/x86_64/apache-modules-2.2.3-1.2.20060mlcs4.x86_64.rpm f573d1aef5f29f14f8764fce5ea31a1d corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.x86_64.rpm 842d5d6ef1c73fcb0b41b9ff18a75960 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.2.20060mlcs4.x86_64.rpm 
1cae994b8a6fb2d2aa9a803d7bb3178d corporate/4.0/x86_64/apache-source-2.2.3-1.2.20060mlcs4.x86_64.rpm 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0: 463f2a0de557bfcf7ae0655e5381b22f mnf/2.0/i586/apache2-2.0.48-6.16.M20mdk.i586.rpm 56117551a5480c85920263bcefb32c09 mnf/2.0/i586/apache2-common-2.0.48-6.16.M20mdk.i586.rpm c7496b0bb82f802cd8d17819ee1308bc mnf/2.0/i586/apache2-devel-2.0.48-6.16.M20mdk.i586.rpm 6be15ca61d9a7cc4cc4c7e4e55c4ffd1 mnf/2.0/i586/apache2-manual-2.0.48-6.16.M20mdk.i586.rpm 766a15298990769f14e5ad00745b9c7f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.16.M20mdk.i586.rpm 21d7b83f3e1b80874c5c007c6659c470 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.16.M20mdk.i586.rpm 417055a9758a47db50fcd7ec0a7d4047 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.16.M20mdk.i586.rpm 90d4aa462e8edf12c52216fa4eeac6a1 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.16.M20mdk.i586.rpm fbeb5bc02ada67198541cb4e1c2b1b27 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.16.M20mdk.i586.rpm 0f2e617217d9f418182ca89bab9703f0 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.16.M20mdk.i586.rpm 50e9dc2b73be1f0f3a45ca7da1adbcbf mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.16.M20mdk.i586.rpm 8352541a45d2c76ab840ca6f4b070ffb mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.16.M20mdk.i586.rpm 5744f88c6e59f26418f1f3f531f30734 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.16.M20mdk.i586.rpm 874dc6a00a02630401f7efeadc93935e mnf/2.0/i586/apache2-modules-2.0.48-6.16.M20mdk.i586.rpm efbd0f5ac6f292474d29f83d36bf86eb mnf/2.0/i586/apache2-source-2.0.48-6.16.M20mdk.i586.rpm 15bd1fcd65bd487b6fd5bba0a8ec530d mnf/2.0/i586/libapr0-2.0.48-6.16.M20mdk.i586.rpm 0e6b7bac08407b02457479763d27e885 mnf/2.0/SRPMS/apache2-2.0.48-6.16.M20mdk.src.rpm
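To upgrade automatically, use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you; of the two, the GPG signature is what establishes that a package comes from Mandriva, while the md5 checksum only detects a corrupted download.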
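All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing the command below (0x22458A98 is a short key ID, so confirm the imported key's full fingerprint against a trusted Mandriva source before relying on it):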
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFHVGk3mqjQ0CJFipgRAi2wAKCPuJzkUkyI8lcVRJ3Vu6IbvxMFrQCg3Qxf w5lEeF1m8B+hT513FJVA1po= =c4oi -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200708-0612", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "6.06" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "fedora core", "scope": "eq", "trust": 1.0, "vendor": 
"fedoraproject", "version": "6" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "7.10" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.6" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "7" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "6.10" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.35" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "7.04" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.0.61" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.0.59 and earlier" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "web server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard" }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": 
null }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.2" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise edition" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "1.3.28" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.0.13" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard edition" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (as)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.0.47" }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.2.4 and earlier" }, { "model": "http server", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "version" }, { "model": "cosminexus 
developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard version 6" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0.2.23" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard edition version 4" }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (es)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "mac os x server", "scope": 
"eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (ws)" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard version 6" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "http server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.0" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.2" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.1" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", 
"version": "7.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0x86" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0.0x64" }, { "model": "fuji", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" }, { "model": "appliance server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "2.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": 
"linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "linux enterprise sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "9.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "9.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "8.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "11.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "novell linux desktop sdk", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux professional oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux personal oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "enterprise linux ws", "scope": "eq", 
"trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.0" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "application stack", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v20" }, { "model": "application stack for enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v14" }, { "model": "application stack for enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v14" }, { "model": "hat fedora core7", "scope": null, "trust": 0.3, "vendor": "red", "version": null }, { "model": "hat fedora core6", "scope": null, "trust": 0.3, "vendor": "red", "version": null }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "3" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "linux mandrake x86 64", "scope": "eq", 
"trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.11" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": 
"ibm", "version": "2.0.47.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage apworks enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", 
"version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application 
server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "messaging storage server mm3.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "message networking mn", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": 
"3.1.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "mac os", "scope": "eq", 
"trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.58" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.55" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.54" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { 
"model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.51" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.49" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.44" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.43" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.42" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.40" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.39" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.37" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.36" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.35" }, { "model": "software foundation apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "1.3.41" }, { "model": "software foundation apache 2.2.6-dev", "scope": "ne", "trust": 0.3, 
"vendor": "apache", "version": null }, { "model": "software foundation apache 2.0.61-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null } ], "sources": [ { "db": "BID", "id": "25489" }, { "db": "JVNDB", "id": "JVNDB-2007-000638" }, { "db": "CNNVD", "id": "CNNVD-200708-391" }, { "db": "NVD", "id": "CVE-2007-3847" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000638" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor disclosed this vulnerability.", "sources": [ { "db": "BID", "id": "25489" }, { "db": "CNNVD", "id": "CNNVD-200708-391" } ], "trust": 0.9 }, "cve": "CVE-2007-3847", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2007-3847", "impactScore": 2.9, "integrityImpact": "NONE", 
"severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-3847", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2007-3847", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200708-391", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2007-3847", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-3847" }, { "db": "JVNDB", "id": "JVNDB-2007-000638" }, { "db": "CNNVD", "id": "CNNVD-200708-391" }, { "db": "NVD", "id": "CVE-2007-3847" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. In the mod_proxy module of Apache HTTP Server, modules/proxy/proxy_util.c reads beyond the buffer area when it processes an invalid date header, which results in a denial-of-service (DoS) condition. When a date header specially crafted by a third party is processed, the proxy server's cache processing may crash and disrupt service operation (DoS). The Apache mod_proxy module is prone to a denial-of-service vulnerability. \nA remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM). 
=========================================================== \nUbuntu Security Notice USN-575-1 February 04, 2008\napache2 vulnerabilities\nCVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000,\nCVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\nUbuntu 7.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-mpm-perchild 2.0.55-4ubuntu2.3\n apache2-mpm-prefork 2.0.55-4ubuntu2.3\n apache2-mpm-worker 2.0.55-4ubuntu2.3\n\nUbuntu 6.10:\n apache2-mpm-perchild 2.0.55-4ubuntu4.2\n apache2-mpm-prefork 2.0.55-4ubuntu4.2\n apache2-mpm-worker 2.0.55-4ubuntu4.2\n\nUbuntu 7.04:\n apache2-mpm-event 2.2.3-3.2ubuntu2.1\n apache2-mpm-perchild 2.2.3-3.2ubuntu2.1\n apache2-mpm-prefork 2.2.3-3.2ubuntu2.1\n apache2-mpm-worker 2.2.3-3.2ubuntu2.1\n\nUbuntu 7.10:\n apache2-mpm-event 2.2.4-3ubuntu0.1\n apache2-mpm-perchild 2.2.4-3ubuntu0.1\n apache2-mpm-prefork 2.2.4-3ubuntu0.1\n apache2-mpm-worker 2.2.4-3ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that Apache did not sanitize the Expect header from\nan HTTP request when it is reflected back in an error message, which\ncould result in browsers becoming vulnerable to cross-site scripting\nattacks when processing the output. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data (such as passwords),\nwithin the same domain. This was only vulnerable in Ubuntu 6.06. 
\n(CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a\nthreaded MPM, Apache did not properly sanitize its input. By default, mod_proxy is disabled in\nUbuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a\ncharacter set, which could result in browsers becoming vulnerable\nto cross-site scripting attacks when processing the output. By\ndefault, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status when status pages were available,\nallowed for cross-site scripting attacks. By default, mod_status is\ndisabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_balancer is disabled in Ubuntu. This was only vulnerable\nin Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to\ndereference a NULL pointer. By\ndefault, mod_proxy_balancer is disabled in Ubuntu. This was only\nvulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_ftp is disabled in Ubuntu. 
(CVE-2008-0005)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz\n Size/MD5: 121305 10359a467847b63f8d6603081450fece\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc\n Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb\n Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 171402 3b7567107864cf36953e7911a4851738\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 172186 85a591ea061cbc727fc261b046781502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 94240 b80027348754c493312269f7410b38fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 285664 76f4879738a0a788414316581ac2010b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 144250 3cd8327429958569a306257da57e8be0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 786052 7bdddb451607eeb2abb9706641675397\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 215932 bee4a6e00371117203647fd3a311658a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 219800 aaf4968deba24912e4981f35a367a086\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb\n 
Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 93282 1ae6def788c74750d79055784c0d8006\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 267832 96c149638daeb993250b18c9f4285abf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz\n Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc\n Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb\n Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 145340 109c93408c5197be50960cce80c23b7c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209552 
8a23207211e54b138d5a87c15c097908\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 171636 07616e459905bad152a8669c8f670436\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 222022 e37ef7d710800e568d838242d3129725\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 208354 0a571678c269d1da06787dac56567f1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212052 90754ccdcd95e652413426376078d223\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 268776 
5b157a4dd55f533a610bc6c111e9d414\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz\n Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc\n Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 971426 30db1106dfea5106da54d2287c02a380\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 403974 65a11cfaee921517445cf74ed04df701\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434308 2073137bb138dc52bbace666714f4e14\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 343774 880faca3543426734431c29de77c3048\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz\n Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc\n Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz\n Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 278032 4f8270cff0a532bd059741b366047da9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 347444 
63413a914cb4546704032ab8f7f16a80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 435354 f3557e1a87154424e9144cf672110e93\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8\n\n. An error\nhas been discovered in the recall_headers() function in mod_mem_cache\n(CVE-2007-1862). The mod_cache module does not properly sanitize\nrequests before processing them (CVE-2007-1863). The Prefork module\ndoes not properly check PID values before sending signals\n(CVE-2007-3304). The mod_proxy module does not correctly check headers\nbefore processing them (CVE-2007-3847). 
\n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.0.59-r5\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n [ 2 ] CVE-2007-1862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862\n [ 3 ] CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n [ 4 ] CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n [ 5 ] CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n [ 6 ] CVE-2007-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200711-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01182588\nVersion: 1\n\nHPSBUX02273 SSRT071476 rev. 1 - HP-UX running Apache, Remote Unauthorized Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. 
\n\nRelease Date: 2007-10-10\nLast Updated: 2007-10-10\n\nPotential Security Impact: Remote Unauthorized Denial of Service (DoS) \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX Apache version 2.0.59. The vulnerability could be exploited remotely to create a Denial of Service (DoS). \n\nReferences: CVE-2007-3847, CVE-2007-3304\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache 2.0.59.00\n\nBACKGROUND\n\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended action has been taken. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision B.2.0.59.00.0 or subsequent \nrestart Apache \nURL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \nhpuxwsAPACHE,revision=B.2.0.59.00 \n\naction: install revision B.2.0.59.00.0 or subsequent \nrestart Apache \nURL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. 
\n\nOS Release \n Depot name \n MD5 Sum \n \nB.11.11 (IPv4)\n HPUXWSA-B218-01-1111ipv4.depot\n eb3bb933baac0f05e1e0809ef1e84eb2\n \nB.11.11 (IPv6) \n HPUXWSA-B218-01-1111ipv6.depot\n 540a56b155699336bcbfac0eaf87e3ce\n \nB.11.23 PA-32\n HPUXWSA-B218-01-1123-32.depot\n 2900a0cbea01b6905dc768680fbd5381\n \nB.11.23 IA-64\n HPUXWSA-B218-01-1123-64.depot\n 3be084d96e8a509692e37c71c0184014\n \nB.11.31 PA-32\n HPUXWSA-B218-01-1131-32.depot\n 861122eef70f1b53d68c5adafc64cdb5\n \nB.11.31 IA-64\n HPUXWSA-B218-01-1131-64.depot\n 8dc57222257fe27fb5994da16e91f9a4\n \n\nThe updates are available from: \nftp://ssrt1476:ssrt1476@hprc.external.hp.com/ \nftp://ssrt1476:ssrt1476@192.170.19.100/ \n\nMANUAL ACTIONS: Yes - Update \nInstall Apache 2.0.59.00.0 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 10 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. 
\nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n -verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS \nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\n\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. 
HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRw4UMuAfOvwtKn1ZEQLDowCgnVZZuBkuV66atvv6mh6sxARqYYkAmQEy\n7CP41v96ckMOtfU4yeG76pv2\n=VMzd\n-----END PGP SIGNATURE-----\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0010\nSynopsis: VMware Hosted products update libpng and Apache HTTP\n Server\nIssue date: 2009-08-20\nUpdated on: 2009-08-20 (initial release of advisory)\nCVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863\n CVE-2006-5752 CVE-2007-3304 CVE-2007-6388\n CVE-2007-5000 CVE-2008-0005\n- ------------------------------------------------------------------------\n\n1. Summary\n\n Updated VMware Hosted products address security issues in libpng and\n the Apache HTTP Server. \n\n2. Relevant releases\n\n VMware Workstation 6.5.2 and earlier,\n VMware Player 2.5.2 and earlier,\n VMware ACE 2.5.2 and earlier\n\n3. Problem Description\n\n a. Third Party Library libpng Updated to 1.2.35\n\n Several flaws were discovered in the way third party library libpng\n handled uninitialized pointers. An attacker could create a PNG image\n file in such a way, that when loaded by an application linked to\n libpng, it could cause the application to crash or execute arbitrary\n code at the privilege level of the user that runs the application. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0040 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any 6.5.3 build 185404 or later\n\n Player 2.5.x any 2.5.3 build 185404 or later\n\n ACE 2.5.x any 2.5.3 build 185404 or later\n\n Server 2.x any patch pending\n Server 1.x any patch pending\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected *\n\n * The libpng update for the Service Console of ESX 2.5.5 is\n documented in VMSA-2009-0007. \n\n b. Apache HTTP Server updated to 2.0.63\n\n The new version of ACE updates the Apache HTTP Server on Windows\n hosts to version 2.0.63 which addresses multiple security issues\n that existed in the previous versions of this server. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,\n CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the\n issues that have been addressed by this update. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any not affected\n\n Player 2.5.x any not affected\n\n ACE 2.5.x Windows 2.5.3 build 185404 or later\n ACE 2.5.x Linux update Apache on host system *\n\n Server 2.x any not affected\n Server 1.x any not affected\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n * The Apache HTTP Server is not part of an ACE install on a Linux\n host. Update the Apache HTTP Server on the host system to version\n 2.0.63 in order to remediate the vulnerabilities listed above. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. 
\n\n VMware Workstation 6.5.3\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html\n\n For Windows\n\n Workstation for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 7565d16b7d7e0173b90c3b76ca4656bc\n sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1\n\n For Linux\n\n Workstation for Linux 32-bit\n Linux 32-bit .rpm\n md5sum: 4d55c491bd008ded0ea19f373d1d1fd4\n sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e\n\n Workstation for Linux 32-bit\n Linux 32-bit .bundle\n md5sum: d4a721c1918c0e8a87c6fa4bad49ad35\n sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5\n\n Workstation for Linux 64-bit\n Linux 64-bit .rpm\n md5sum: 72adfdb03de4959f044fcb983412ae7c\n sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb\n\n Workstation for Linux 64-bit\n Linux 64-bit .bundle\n md5sum: 83e1f0c94d6974286256c4d3b559e854\n sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542\n\n\n VMware Player 2.5.3\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n http://www.vmware.com/support/player25/doc/releasenotes_player253.html\n\n Player for Windows binary\n\nhttp://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe\n md5sum: fe28f193374c9457752ee16cd6cad4e7\n sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04\n\n Player for Linux (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm\n md5sum: c99cd65f19fdfc7651bcb7f328b73bc2\n sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e\n\n Player for Linux (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle\n md5sum: 210f4cb5615bd3b2171bc054b9b2bac5\n sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b\n\n Player for Linux - 64-bit (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm\n md5sum: f91576ef90b322d83225117ae9335968\n sha1sum: 
f492fa9cf26ee2818f164aac04cde1680c25d974\n\n Player for Linux - 64-bit (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle\n md5sum: 595d44d7945c129b1aeb679d2f001b05\n sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4\n\n\n VMware ACE 2.5.3\n ----------------\n http://www.vmware.com/download/ace/\n Release notes:\n http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html\n\n ACE Management Server Virtual Appliance\n AMS Virtual Appliance .zip\n md5sum: 44cc7b86353047f02cf6ea0653e38418\n sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1\n\n VMware ACE for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for Windows\n Windows .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for SUSE Enterprise Linux 9\n SLES 9 .rpm\n md5sum: a4fc92d7197f0d569361cdf4b8cca642\n sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75\n\n ACE Management Server for Red Hat Enterprise Linux 4\n RHEL 4 .rpm\n md5sum: 841005151338c8b954f08d035815fd58\n sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e\n\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n\n- ------------------------------------------------------------------------\n6. 
Change log\n\n2009-08-20 VMSA-2009-0010\nInitial security advisory after release of Workstation 6.5.3,\nPlayer 2.5.3, and ACE 2.5.3 on 2009-08-20. \n\n\n- ------------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. Likewise, a similar crash\n could occur on sites with a forward proxy configured if a user could\n be persuaded to visit a malicious site using the proxy (CVE-2007-3847). On sites where\n directory listings are used and the AddDefaultCharset directive was\n removed from the configuration, a cross-site-scripting attack could\n be possible against browsers that do not correctly derive the response\n character set according to the rules in RFC 2616 (CVE-2007-4465). \n \n The updated packages have been patched to correct this issue. 
\n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 9bb73822e8ae92ba87aa8baa21d467d1 2007.0/i586/apache-base-2.2.3-1.2mdv2007.0.i586.rpm\n 1949631d7fc0f87c91ba5dd9e738e036 2007.0/i586/apache-devel-2.2.3-1.2mdv2007.0.i586.rpm\n 3fed692d7b2eefe64bdd5f557fb0d838 2007.0/i586/apache-htcacheclean-2.2.3-1.2mdv2007.0.i586.rpm\n 86b32442b40c9e8ee9ba4bc1def61157 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.i586.rpm\n a6ca98077bee65a270a7777f6a3f3b60 2007.0/i586/apache-mod_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 3bf50ab09740de6e718dc38e5320a3f7 2007.0/i586/apache-mod_dav-2.2.3-1.2mdv2007.0.i586.rpm\n 11e3dde4beab554a1523261979852fee 2007.0/i586/apache-mod_dbd-2.2.3-1.2mdv2007.0.i586.rpm\n 993926a12a2b5192059961a8bcbf4e2c 2007.0/i586/apache-mod_deflate-2.2.3-1.2mdv2007.0.i586.rpm\n 8553d309d0b537732375fbf0ab6c3187 2007.0/i586/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 83a1fce76091ea660989b5b310d545ab 2007.0/i586/apache-mod_file_cache-2.2.3-1.2mdv2007.0.i586.rpm\n c7799b98922ee0e2f5bd114a3b2f3816 2007.0/i586/apache-mod_ldap-2.2.3-1.2mdv2007.0.i586.rpm\n b3e79d78c26282b39322910be91cd410 2007.0/i586/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 6c72e3c58cb10447304328c2f863651a 2007.0/i586/apache-mod_proxy-2.2.3-1.2mdv2007.0.i586.rpm\n a6d09de71a6b7bf7bb1cafc187777be7 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.i586.rpm\n 05eee18af88226fb76766a9b88d843a8 2007.0/i586/apache-mod_ssl-2.2.3-1.2mdv2007.0.i586.rpm\n c499609426acef2255940cab04a28b5c 2007.0/i586/apache-mod_userdir-2.2.3-1.2mdv2007.0.i586.rpm\n bcd0563b948d8958de5a8da12e5ecd85 2007.0/i586/apache-modules-2.2.3-1.2mdv2007.0.i586.rpm\n 5c4777a2db7fd28b233d1bcc1d570a70 
2007.0/i586/apache-mpm-prefork-2.2.3-1.2mdv2007.0.i586.rpm\n fa38945281388cfd4d37d2f98187a0b0 2007.0/i586/apache-mpm-worker-2.2.3-1.2mdv2007.0.i586.rpm\n 30e14fac38a58a8ab4bf59a6ecb59f9a 2007.0/i586/apache-source-2.2.3-1.2mdv2007.0.i586.rpm \n 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 3301ff7aa05c7cb14eecfc82d1d7fe33 2007.0/x86_64/apache-base-2.2.3-1.2mdv2007.0.x86_64.rpm\n f0f6cc2cc841959558ab0222d975a9cc 2007.0/x86_64/apache-devel-2.2.3-1.2mdv2007.0.x86_64.rpm\n 7bf4dbf62cd08717fc3704798d0c839d 2007.0/x86_64/apache-htcacheclean-2.2.3-1.2mdv2007.0.x86_64.rpm\n ecb3772fac317f54303d1d67c2b1c7a2 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm\n c6cb91541e0f7a24b337da09ee7eb248 2007.0/x86_64/apache-mod_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n f39c5879ff62c5d8dcc41ae73d1ca0cd 2007.0/x86_64/apache-mod_dav-2.2.3-1.2mdv2007.0.x86_64.rpm\n 562dc2a4e6246fa7dde9986af40ec847 2007.0/x86_64/apache-mod_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm\n 7be58654d28b2fc0207c3e44370cd118 2007.0/x86_64/apache-mod_deflate-2.2.3-1.2mdv2007.0.x86_64.rpm\n 6e4314853613d0d9fdd048c8ee96a510 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n 5fd5dc78b84bb5579291d27f626cb660 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n d5eecb080611220807820106c24b1e22 2007.0/x86_64/apache-mod_ldap-2.2.3-1.2mdv2007.0.x86_64.rpm\n bed61f6dcb6311d99fb97225a0b48849 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n f0d3bb15ba884824380ef1cf0bd129b8 2007.0/x86_64/apache-mod_proxy-2.2.3-1.2mdv2007.0.x86_64.rpm\n 8f8969581110089a51cf506b8566315e 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.x86_64.rpm\n 1a40d73c8fbbae8868f09ef947407dad 2007.0/x86_64/apache-mod_ssl-2.2.3-1.2mdv2007.0.x86_64.rpm\n 0cd432c837a9ba4795bda96b1d3cc98c 2007.0/x86_64/apache-mod_userdir-2.2.3-1.2mdv2007.0.x86_64.rpm\n f05d88bc8f9c163ca787c30e7bd84e52 
2007.0/x86_64/apache-modules-2.2.3-1.2mdv2007.0.x86_64.rpm\n f5431063918c470fa1ccd6e23db4c70d 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.2mdv2007.0.x86_64.rpm\n 0db10b3a236c2f59a93eb2bc6ee6c35d 2007.0/x86_64/apache-mpm-worker-2.2.3-1.2mdv2007.0.x86_64.rpm\n 71f52e6e3afba9d1d923cc64291eb98f 2007.0/x86_64/apache-source-2.2.3-1.2mdv2007.0.x86_64.rpm \n 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n e443a21ce0b058aede2aaf82d12d22f7 2007.1/i586/apache-base-2.2.4-6.3mdv2007.1.i586.rpm\n 6d17234fb69995d52c012bb22f52bab3 2007.1/i586/apache-devel-2.2.4-6.3mdv2007.1.i586.rpm\n 6a44621592a2320b6d0e9549eceea6a9 2007.1/i586/apache-htcacheclean-2.2.4-6.3mdv2007.1.i586.rpm\n d0405211b42d562933cd2f802a4276bc 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.i586.rpm\n 3fd09fafa06eb4e08ad975f9972f28f8 2007.1/i586/apache-mod_cache-2.2.4-6.3mdv2007.1.i586.rpm\n d61498465662a9c4a7f77f2dcc9438a7 2007.1/i586/apache-mod_dav-2.2.4-6.3mdv2007.1.i586.rpm\n fbb6c3ccfd793a8f2b9889ed399d5aad 2007.1/i586/apache-mod_dbd-2.2.4-6.3mdv2007.1.i586.rpm\n 0e67be9eaacb5f8686acdd95d26b8b47 2007.1/i586/apache-mod_deflate-2.2.4-6.3mdv2007.1.i586.rpm\n f1a050f23e3bc518b8aecd3c6cd5fd91 2007.1/i586/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.i586.rpm\n d95079c4a7627fe47d529dbe99549023 2007.1/i586/apache-mod_file_cache-2.2.4-6.3mdv2007.1.i586.rpm\n b24dcaec7dc26c107ff0962d46c7b3a1 2007.1/i586/apache-mod_ldap-2.2.4-6.3mdv2007.1.i586.rpm\n 98e97b3bd11ca7939aef2bae47c2c497 2007.1/i586/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.i586.rpm\n bffefef1346635e79f04d0ae56169ab1 2007.1/i586/apache-mod_proxy-2.2.4-6.3mdv2007.1.i586.rpm\n 0c5881d9e76e9ae20470a954200465ae 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.i586.rpm\n 21f665113f11b4b88330b887254023f8 2007.1/i586/apache-mod_ssl-2.2.4-6.3mdv2007.1.i586.rpm\n 192801a60a254a58b57e2f1377ce42c4 2007.1/i586/apache-mod_userdir-2.2.4-6.3mdv2007.1.i586.rpm\n 51fc25858a4ee79d2fd2cfe460c90708 
2007.1/i586/apache-modules-2.2.4-6.3mdv2007.1.i586.rpm\n d6256083a3df248847340d3c14ecb9ff 2007.1/i586/apache-mpm-event-2.2.4-6.3mdv2007.1.i586.rpm\n 1359ad128d2d7a24d9211cf7f0276e15 2007.1/i586/apache-mpm-itk-2.2.4-6.3mdv2007.1.i586.rpm\n d65ac7009e90022455c79debf48cdbdb 2007.1/i586/apache-mpm-prefork-2.2.4-6.3mdv2007.1.i586.rpm\n f1d8883b5e633cbb6e3832e7b3c4a4cb 2007.1/i586/apache-mpm-worker-2.2.4-6.3mdv2007.1.i586.rpm\n 947251a0ac81cb912bc4c900bb80e6e7 2007.1/i586/apache-source-2.2.4-6.3mdv2007.1.i586.rpm \n 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 444c86d0a5711e30534400781c0cbcf1 2007.1/x86_64/apache-base-2.2.4-6.3mdv2007.1.x86_64.rpm\n 02514acbf20766b1486389ce4d3e1ed0 2007.1/x86_64/apache-devel-2.2.4-6.3mdv2007.1.x86_64.rpm\n f6f4126d5a414d7ca686395173aaa3b4 2007.1/x86_64/apache-htcacheclean-2.2.4-6.3mdv2007.1.x86_64.rpm\n 1a45be10e44347c913d6493a0d3ad25f 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm\n 5e6df108e6fb0083ffe96810f41bc9ea 2007.1/x86_64/apache-mod_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n 31877eb202cbc9cf0869a3d7bc51b47a 2007.1/x86_64/apache-mod_dav-2.2.4-6.3mdv2007.1.x86_64.rpm\n 33a4ce4f105fbed60b2cdfc73fd524c6 2007.1/x86_64/apache-mod_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm\n e093528141ed7cd178ae27743ed4ea69 2007.1/x86_64/apache-mod_deflate-2.2.4-6.3mdv2007.1.x86_64.rpm\n 697a3930734d4570db3aeadc0aac2032 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n c8a20e21d7b07363c8efc8b23078a5e8 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n d42e4f3cc5ca6ac006d3e4bb7a750273 2007.1/x86_64/apache-mod_ldap-2.2.4-6.3mdv2007.1.x86_64.rpm\n e8fc195d18dbb431257dd816bdfa7845 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n ce7184cd8abf4aa7c98d47a64133c19f 2007.1/x86_64/apache-mod_proxy-2.2.4-6.3mdv2007.1.x86_64.rpm\n 98957b99a54cb32d6ba055d5f059b7ec 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.x86_64.rpm\n 
17b824837cf63210790e6201154cb94a 2007.1/x86_64/apache-mod_ssl-2.2.4-6.3mdv2007.1.x86_64.rpm\n 5a2d9f93603eebdde04f8967a07b063d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.3mdv2007.1.x86_64.rpm\n 44f0ad99c93ae8905a2d32b799dc1520 2007.1/x86_64/apache-modules-2.2.4-6.3mdv2007.1.x86_64.rpm\n c5c469771e2f25683ddba3f694e28968 2007.1/x86_64/apache-mpm-event-2.2.4-6.3mdv2007.1.x86_64.rpm\n b691f2e760bdd30c797e46269842a437 2007.1/x86_64/apache-mpm-itk-2.2.4-6.3mdv2007.1.x86_64.rpm\n fa3551d06a7af5a31a040f90dd215a1d 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.3mdv2007.1.x86_64.rpm\n 8d2a09ba2b175cd36bbc0dc6dc4c18ea 2007.1/x86_64/apache-mpm-worker-2.2.4-6.3mdv2007.1.x86_64.rpm\n 7037cb86ca137f40364749a0933b432c 2007.1/x86_64/apache-source-2.2.4-6.3mdv2007.1.x86_64.rpm \n 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm\n\n Corporate 3.0:\n 5bbdb8ac0d8133c1b09d373cbe35f5ea corporate/3.0/i586/apache2-2.0.48-6.15.C30mdk.i586.rpm\n e14dfcec88913b5245d683502ff684d1 corporate/3.0/i586/apache2-common-2.0.48-6.15.C30mdk.i586.rpm\n 642b4136b2e2915db59801888b41d1e6 corporate/3.0/i586/apache2-devel-2.0.48-6.15.C30mdk.i586.rpm\n c8824d8aa09e4917f9b35b1c659b5181 corporate/3.0/i586/apache2-manual-2.0.48-6.15.C30mdk.i586.rpm\n 09af9e7945caec7163a12be1a14302ee corporate/3.0/i586/apache2-mod_cache-2.0.48-6.15.C30mdk.i586.rpm\n 374a782a9211ee321f31a4e716d6bb97 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.15.C30mdk.i586.rpm\n 88a31c94bc077aa0a91f000b839d4b69 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.15.C30mdk.i586.rpm\n 8e55a5d1949805b0a6a4f84d571ab4ff corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.i586.rpm\n 16b573b8a914ab130ac660cce8bddfdb corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.15.C30mdk.i586.rpm\n 68fdee10fc216a354849a6fc5d89e7cf corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.15.C30mdk.i586.rpm\n 9e75fe104df971a7a707efb0d6735288 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.i586.rpm\n 006f66a419a5f81085bc6fd74e4c1235 
corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.15.C30mdk.i586.rpm\n f0910407a4042202cec58ebdb74127d3 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.15.C30mdk.i586.rpm\n 43578ffa09c88aa636c6df329cebe81a corporate/3.0/i586/apache2-modules-2.0.48-6.15.C30mdk.i586.rpm\n c5c8b21b0bbc8e57f81baa317ccba3f3 corporate/3.0/i586/apache2-source-2.0.48-6.15.C30mdk.i586.rpm\n f38fcbb77b956304d63d36ad7b003b05 corporate/3.0/i586/libapr0-2.0.48-6.15.C30mdk.i586.rpm \n aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52f3a65b7c0e82d517e66d4b176aa33e corporate/3.0/x86_64/apache2-2.0.48-6.15.C30mdk.x86_64.rpm\n b54119aca1142e9e9a848cbc18f2a5d0 corporate/3.0/x86_64/apache2-common-2.0.48-6.15.C30mdk.x86_64.rpm\n e5ac1fdacf86a8214105cc13d3c439aa corporate/3.0/x86_64/apache2-devel-2.0.48-6.15.C30mdk.x86_64.rpm\n 1bc73ab39962a806585f1c669b8c1f7e corporate/3.0/x86_64/apache2-manual-2.0.48-6.15.C30mdk.x86_64.rpm\n 87af39a3721856a710383cd51815fbaf corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n c03c3c1774c1baafaf44a4bb17ca74c6 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.15.C30mdk.x86_64.rpm\n 0ef802c1187c979d48db6ae4672fb21b corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.15.C30mdk.x86_64.rpm\n c7d6772332baffc85fd1472e018f5546 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n 45965308167632623ff93de397d4041d corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n 17e2a48cc23d7983351706745c7cd553 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.15.C30mdk.x86_64.rpm\n 5b047d484852dd9a2000028d8dcfb7e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n a5f32074ec310263bc03648b81d44173 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.15.C30mdk.x86_64.rpm\n 79c4a90fa0ab3bfa8dbe9b12daeff4cd corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.15.C30mdk.x86_64.rpm\n 15af8e5591d5ff99f5c157a0c01d4174 
corporate/3.0/x86_64/apache2-modules-2.0.48-6.15.C30mdk.x86_64.rpm\n 462316c74fff690d2e98116ddf614d54 corporate/3.0/x86_64/apache2-source-2.0.48-6.15.C30mdk.x86_64.rpm\n 20553b85bf243e5986af1a3551549ed8 corporate/3.0/x86_64/lib64apr0-2.0.48-6.15.C30mdk.x86_64.rpm \n aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm\n\n Corporate 4.0:\n 7d50fe1ac32dec6c4d57dd850950bdb1 corporate/4.0/i586/apache-base-2.2.3-1.2.20060mlcs4.i586.rpm\n 775785cf1a22f45a64d800fdfcc4a8bc corporate/4.0/i586/apache-devel-2.2.3-1.2.20060mlcs4.i586.rpm\n 79b64bb1793933f1c8b83e7eee2d4cfa corporate/4.0/i586/apache-htcacheclean-2.2.3-1.2.20060mlcs4.i586.rpm\n eac03081a34897376d542b7032dd03c2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.i586.rpm\n 2c223bb1645aadfba8e6d1d6a2c8756c corporate/4.0/i586/apache-mod_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n e4c4c07473f9644fc146e2f4d9ce95c8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.2.20060mlcs4.i586.rpm\n 13f85bc068b14e497873c6028520580a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.2.20060mlcs4.i586.rpm\n aaa52a86e4a6d3e5322fa140edc5535a corporate/4.0/i586/apache-mod_deflate-2.2.3-1.2.20060mlcs4.i586.rpm\n 574e07826a89f78883f2cfb3ca224e8c corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 451efb60480fd0680b6c4f955c46ccf4 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 73fa350b85ea63a5b3f69d8d387474aa corporate/4.0/i586/apache-mod_ldap-2.2.3-1.2.20060mlcs4.i586.rpm\n d2364f995210cdbbe324df10d49bef98 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 145b17e675a42bed7b3a8c5ee883cf45 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.2.20060mlcs4.i586.rpm\n 92b82835be476736295c15954f2a9eb6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.i586.rpm\n 0dd6c7df0e3ea475b6b2d50ef4aa5ac0 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.2.20060mlcs4.i586.rpm\n d579208689ec9a72a599bf3510bdf942 
corporate/4.0/i586/apache-mod_userdir-2.2.3-1.2.20060mlcs4.i586.rpm\n 6fd43dfcfc649c8bcd4692ba9ebeee07 corporate/4.0/i586/apache-modules-2.2.3-1.2.20060mlcs4.i586.rpm\n 9fbf1dde58f17e3f0f29a8c3f1e1b6b6 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.i586.rpm\n 72f26a52381b68a8bbc6e2fcc9c0ac8c corporate/4.0/i586/apache-mpm-worker-2.2.3-1.2.20060mlcs4.i586.rpm\n 99a935e7047a27043159b6555d3444c7 corporate/4.0/i586/apache-source-2.2.3-1.2.20060mlcs4.i586.rpm \n 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 35a789ac173ed3cc0dda52270a194bad corporate/4.0/x86_64/apache-base-2.2.3-1.2.20060mlcs4.x86_64.rpm\n e9df753a94dfb136780651ac743e50eb corporate/4.0/x86_64/apache-devel-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 3964c83541baaf5af0ccc828282a1954 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 554ea610010d5f361bcc87d75d8d0f6f corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 051c20e0f062d50a01c51ebad7dcb96d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 59a05bd258ba6b4729238885d2fc0273 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.2.20060mlcs4.x86_64.rpm\n ceb391b54796f3ea763b81c5085da16c corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 307726e1c4dfcca90093c19e3d17f504 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 1500f6520843c6604192e4a621d5b9f1 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n e0ac5eb68e21253d33928fa28f0acb25 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 21c68fdaf26b13ed2177bf458979df1e corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 28ef0171caf2d11cca8fe4f0bf2473db corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 019893e83acbfb730f79a8eb364ea042 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 202b1fc0dd2d9364530abbbb13f799b0 
corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 5cd3084106482b3f01b41cd716c702b8 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 6a18ec0935144ead6f037f41e852a892 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 622bb60b53fb48aef1b5a7fc94be3298 corporate/4.0/x86_64/apache-modules-2.2.3-1.2.20060mlcs4.x86_64.rpm\n f573d1aef5f29f14f8764fce5ea31a1d corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 842d5d6ef1c73fcb0b41b9ff18a75960 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 1cae994b8a6fb2d2aa9a803d7bb3178d corporate/4.0/x86_64/apache-source-2.2.3-1.2.20060mlcs4.x86_64.rpm \n 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 463f2a0de557bfcf7ae0655e5381b22f mnf/2.0/i586/apache2-2.0.48-6.16.M20mdk.i586.rpm\n 56117551a5480c85920263bcefb32c09 mnf/2.0/i586/apache2-common-2.0.48-6.16.M20mdk.i586.rpm\n c7496b0bb82f802cd8d17819ee1308bc mnf/2.0/i586/apache2-devel-2.0.48-6.16.M20mdk.i586.rpm\n 6be15ca61d9a7cc4cc4c7e4e55c4ffd1 mnf/2.0/i586/apache2-manual-2.0.48-6.16.M20mdk.i586.rpm\n 766a15298990769f14e5ad00745b9c7f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.16.M20mdk.i586.rpm\n 21d7b83f3e1b80874c5c007c6659c470 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.16.M20mdk.i586.rpm\n 417055a9758a47db50fcd7ec0a7d4047 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.16.M20mdk.i586.rpm\n 90d4aa462e8edf12c52216fa4eeac6a1 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.16.M20mdk.i586.rpm\n fbeb5bc02ada67198541cb4e1c2b1b27 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.16.M20mdk.i586.rpm\n 0f2e617217d9f418182ca89bab9703f0 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.16.M20mdk.i586.rpm\n 50e9dc2b73be1f0f3a45ca7da1adbcbf mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.16.M20mdk.i586.rpm\n 8352541a45d2c76ab840ca6f4b070ffb mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.16.M20mdk.i586.rpm\n 5744f88c6e59f26418f1f3f531f30734 
mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.16.M20mdk.i586.rpm\n 874dc6a00a02630401f7efeadc93935e mnf/2.0/i586/apache2-modules-2.0.48-6.16.M20mdk.i586.rpm\n efbd0f5ac6f292474d29f83d36bf86eb mnf/2.0/i586/apache2-source-2.0.48-6.16.M20mdk.i586.rpm\n 15bd1fcd65bd487b6fd5bba0a8ec530d mnf/2.0/i586/libapr0-2.0.48-6.16.M20mdk.i586.rpm \n 0e6b7bac08407b02457479763d27e885 mnf/2.0/SRPMS/apache2-2.0.48-6.16.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFHVGk3mqjQ0CJFipgRAi2wAKCPuJzkUkyI8lcVRJ3Vu6IbvxMFrQCg3Qxf\nw5lEeF1m8B+hT513FJVA1po=\n=c4oi\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it", "sources": [ { "db": "NVD", "id": "CVE-2007-3847" }, { "db": "JVNDB", "id": "JVNDB-2007-000638" }, { "db": "BID", "id": "25489" }, { "db": "VULMON", "id": "CVE-2007-3847" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "60039" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "61459" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { 
"@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-3847", "trust": 3.3 }, { "db": "BID", "id": "25489", "trust": 2.8 }, { "db": "USCERT", "id": "TA08-150A", "trust": 2.5 }, { "db": "SECUNIA", "id": "26636", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2007-3955", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3283", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3095", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3020", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0233", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0924", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3494", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1697", "trust": 1.7 }, { "db": "SECUNIA", "id": "27593", "trust": 1.7 }, { "db": "SECUNIA", "id": "27732", "trust": 1.7 }, { "db": "SECUNIA", "id": "28922", "trust": 1.7 }, { "db": "SECUNIA", "id": "29420", "trust": 1.7 }, { "db": "SECUNIA", "id": "26993", "trust": 1.7 }, { "db": "SECUNIA", "id": "28606", "trust": 1.7 }, { "db": "SECUNIA", "id": "26842", "trust": 1.7 }, { "db": "SECUNIA", "id": "26790", "trust": 1.7 }, { "db": "SECUNIA", "id": "27971", "trust": 1.7 }, { "db": "SECUNIA", "id": "27563", "trust": 1.7 }, { "db": "SECUNIA", "id": "27209", "trust": 1.7 }, { "db": "SECUNIA", "id": "26952", "trust": 1.7 }, { "db": "SECUNIA", "id": "27882", "trust": 1.7 }, { "db": "SECUNIA", "id": "30430", "trust": 1.7 }, { "db": "SECUNIA", "id": "28749", "trust": 1.7 }, { "db": "SECUNIA", "id": "28467", "trust": 1.7 }, { "db": "SECUNIA", "id": "26722", "trust": 1.7 }, { "db": "SECTRACK", "id": "1018633", "trust": 1.7 }, { "db": "USCERT", "id": "SA08-150A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-000638", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200708-391", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2007-3847", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "63262", "trust": 0.1 }, { "db": 
"PACKETSTORM", "id": "60759", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "60039", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80533", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "61459", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-3847" }, { "db": "BID", "id": "25489" }, { "db": "JVNDB", "id": "JVNDB-2007-000638" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "60039" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "CNNVD", "id": "CNNVD-200708-391" }, { "db": "NVD", "id": "CVE-2007-3847" } ] }, "id": "VAR-200708-0612", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-29T20:16:52.518000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 2.0.61-dev", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.61-dev" }, { "title": "Fixed in Apache httpd 2.2.6-dev", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.6-dev" }, { "title": "Security Update 2008-003", "trust": 0.8, "url": "http://support.apple.com/kb/HT1897" }, { "title": "Security Update 2008-002", "trust": 0.8, "url": "http://support.apple.com/kb/HT1249" }, { "title": "Security Update 2008-003", "trust": 0.8, "url": "http://support.apple.com/kb/HT1897?viewlocale=ja_JP" }, { "title": "Security Update 2008-002", "trust": 0.8, "url": "http://support.apple.com/kb/HT1249?viewlocale=ja_JP" }, { "title": "httpd-2.2.3-11.1AX", "trust": 0.8, "url": 
"https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=71" }, { "title": "HS07-039", "trust": 0.8, "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-039_e/index-e.html" }, { "title": "HPSBUX02273", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01182588" }, { "title": "HPSBUX02273", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02273.html" }, { "title": "PK55141", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55141" }, { "title": "Fix Pack 13 (6.1.0.13)", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951#61013" }, { "title": "PK50469", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469" }, { "title": "4017141", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017141" }, { "title": "4017303", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017303" }, { "title": "httpd (V4.0)", "trust": 0.8, "url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=1190" }, { "title": "httpd (V3.0)", "trust": 0.8, "url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=1224" }, { "title": "Oracle Critical Patch Update Advisory - July 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html" }, { "title": "RHSA-2007:0746", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0746.html" }, { "title": "RHSA-2007:0747", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0747.html" }, { "title": "RHSA-2008:0005", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0005.html" }, { "title": "July 2013 Critical Patch 
Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2013_critical_patch_update" }, { "title": "HS07-039", "trust": 0.8, "url": "http://www.hitachi-support.com/security/vuls/HS07-039/index.html" }, { "title": "RHSA-2007:0746", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0746J.html" }, { "title": "RHSA-2008:0005", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0005J.html" }, { "title": "RHSA-2007:0747", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0747J.html" }, { "title": "interstage_as_200802", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200802.html" }, { "title": "Debian CVElist Bug Report Logs: CVE-2007-3847: apache2 denial of service vulnerability (for threaded MPMs) in mod_proxy", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0e9801bee76cc4795aeabe2ccbf7d7f4" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-575-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2007-3847 " }, { "title": "", "trust": 0.1, "url": "https://github.com/kasem545/vulnsearch " } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-3847" }, { "db": "JVNDB", "id": "JVNDB-2007-000638" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-3847" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" 
} } }, "data": [ { "trust": 2.6, "url": "http://www.securityfocus.com/bid/25489" }, { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html" }, { "trust": 2.0, "url": "http://marc.info/?l=apache-cvs\u0026m=118592992309395\u0026w=2" }, { "trust": 2.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2007-500.htm" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk50469" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk52702" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "trust": 1.7, "url": "https://issues.rpath.com/browse/rpl-1710" }, { "trust": 1.7, "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "trust": 1.7, "url": "http://www.redhat.com/archives/fedora-package-announce/2007-september/msg00320.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2007-september/msg00353.html" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:235" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2007-0911.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2007-0746.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2007-0747.html" }, { "trust": 1.7, "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1018633" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26636" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26722" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26790" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26842" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26952" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26993" }, { "trust": 1.7, 
"url": "http://secunia.com/advisories/27209" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27563" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27593" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27732" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27882" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27971" }, { "trust": 1.7, "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27007951" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0005.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28467" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28749" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28606" }, { "trust": 1.7, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28922" }, { "trust": 1.7, "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29420" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30430" }, { "trust": 1.7, "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0233" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3494" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3020" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3955" }, { 
"trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3095" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3283" }, { "trust": 1.7, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01182588" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10525" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 1.1, "url": "http://marc.info/?l=apache-httpd-dev\u0026m=118595556504202\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=apache-httpd-dev\u0026m=118595953217856\u0026w=2" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" 
}, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, 
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2007/3020" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta08-150a/" }, { "trust": 0.8, "url": "http://jvn.jp/tr/trta08-150a/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3847" }, { "trust": 0.8, "url": "http://secunia.com/advisories/26636/" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/alerts/sa08-150a.html" }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2007:0746" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2007:0747" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3ccvs." }, { "trust": 0.6, "url": "httpd-dev\u0026m=118595556504202\u0026w=2" }, { "trust": 0.6, "url": "http://marc.info/?l=apache-" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs." }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2007-3847" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs." }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2010:0602" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2008:0005" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3ccvs." }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs." }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2007:0911" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs." 
}, { "trust": 0.6, "url": "httpd-dev\u0026m=118595953217856\u0026w=2" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847" }, { "trust": 0.3, "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg24017334" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27010985#new" }, { "trust": 0.3, "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27004980#ver61" }, { "trust": 0.3, "url": "/archive/1/482486" }, { "trust": 0.3, "url": "http://www.apache.org/dist/httpd/announcement1.3.html" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-026.htm" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2007-0746.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2007-0747.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2007-0911.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0005.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0006.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2007-3847" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441845" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/575-1/" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb" }, 
{ "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 
0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 
0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 
0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6421" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1862" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://enigmail.mozdev.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1862" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/player25/doc/releasenotes_player253.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ace/" }, { "trust": 0.1, "url": "http://www.vmware.com/download/player/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388" }, { 
"trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ws/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.exe" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.bundle" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.bundle" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0040" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-3847" }, { "db": "BID", "id": "25489" }, { "db": "JVNDB", "id": "JVNDB-2007-000638" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "60039" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "CNNVD", "id": "CNNVD-200708-391" }, { "db": "NVD", "id": "CVE-2007-3847" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": 
"VULMON", "id": "CVE-2007-3847" }, { "db": "BID", "id": "25489" }, { "db": "JVNDB", "id": "JVNDB-2007-000638" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "60039" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "CNNVD", "id": "CNNVD-200708-391" }, { "db": "NVD", "id": "CVE-2007-3847" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-08-23T00:00:00", "db": "VULMON", "id": "CVE-2007-3847" }, { "date": "2007-08-30T00:00:00", "db": "BID", "id": "25489" }, { "date": "2007-09-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000638" }, { "date": "2008-02-05T00:41:56", "db": "PACKETSTORM", "id": "63262" }, { "date": "2007-11-07T20:27:55", "db": "PACKETSTORM", "id": "60759" }, { "date": "2007-10-12T04:41:53", "db": "PACKETSTORM", "id": "60039" }, { "date": "2009-08-23T16:31:17", "db": "PACKETSTORM", "id": "80533" }, { "date": "2007-12-04T05:30:30", "db": "PACKETSTORM", "id": "61459" }, { "date": "2007-08-23T00:00:00", "db": "CNNVD", "id": "CNNVD-200708-391" }, { "date": "2007-08-23T22:17:00", "db": "NVD", "id": "CVE-2007-3847" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-13T00:00:00", "db": "VULMON", "id": "CVE-2007-3847" }, { "date": "2010-08-05T21:45:00", "db": "BID", "id": "25489" }, { "date": "2013-07-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000638" }, { "date": "2023-05-06T00:00:00", "db": "CNNVD", "id": "CNNVD-200708-391" }, { "date": "2024-11-21T00:34:12.950000", "db": "NVD", "id": "CVE-2007-3847" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"remote", "sources": [ { "db": "PACKETSTORM", "id": "61459" }, { "db": "CNNVD", "id": "CNNVD-200708-391" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of mod_proxy Service disruption in modules (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000638" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200708-391" } ], "trust": 0.6 } }
var-200712-0594
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects the following: - The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0 - The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0. =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3
Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2
Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1
Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918) Separately, a remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)
It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)
It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)
It was discovered that mod_status, when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388) A separate cross-site scripting issue affected mod_proxy_balancer. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)
It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)
It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz
Size/MD5: 121305 10359a467847b63f8d6603081450fece
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc
Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb
Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 171402 3b7567107864cf36953e7911a4851738
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 172186 85a591ea061cbc727fc261b046781502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 94240 b80027348754c493312269f7410b38fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 285664 76f4879738a0a788414316581ac2010b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 144250 3cd8327429958569a306257da57e8be0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 786052 7bdddb451607eeb2abb9706641675397
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 215932 bee4a6e00371117203647fd3a311658a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 219800 aaf4968deba24912e4981f35a367a086
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 93282 1ae6def788c74750d79055784c0d8006
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 267832 96c149638daeb993250b18c9f4285abf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz
Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc
Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb
Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 145340 109c93408c5197be50960cce80c23b7c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209552 8a23207211e54b138d5a87c15c097908
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 171636 07616e459905bad152a8669c8f670436
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 222022 e37ef7d710800e568d838242d3129725
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 208354 0a571678c269d1da06787dac56567f1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212052 90754ccdcd95e652413426376078d223
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz
Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc
Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 971426 30db1106dfea5106da54d2287c02a380
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 403974 65a11cfaee921517445cf74ed04df701
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434308 2073137bb138dc52bbace666714f4e14
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 343774 880faca3543426734431c29de77c3048
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz
Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc
Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 278032 4f8270cff0a532bd059741b366047da9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 435354 f3557e1a87154424e9144cf672110e93
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8
. The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . Summary
Updated VMware Hosted products address security issues in libpng and the Apache HTTP Server.
- Relevant releases
VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier
- Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware          Product    Running    Replace with/
Product         Version    on         Apply Patch
=============   ========   =======    =================
VirtualCenter   any        Windows    not affected
Workstation     6.5.x      any        6.5.3 build 185404 or later
Player          2.5.x      any        2.5.3 build 185404 or later
ACE             2.5.x      any        2.5.3 build 185404 or later
Server          2.x        any        patch pending
Server          1.x        any        patch pending
Fusion          2.x        Mac OS/X   not affected
Fusion          1.x        Mac OS/X   not affected
ESXi            4.0        ESXi       not affected
ESXi            3.5        ESXi       not affected
ESX             4.0        ESX        not affected
ESX             3.5        ESX        not affected
ESX             3.0.3      ESX        not affected
ESX             3.0.2      ESX        not affected
ESX             2.5.5      ESX        not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware          Product    Running    Replace with/
Product         Version    on         Apply Patch
=============   ========   =======    =================
VirtualCenter   any        Windows    not affected
Workstation     6.5.x      any        not affected
Player          2.5.x      any        not affected
ACE             2.5.x      Windows    2.5.3 build 185404 or later
ACE             2.5.x      Linux      update Apache on host system *
Server          2.x        any        not affected
Server          1.x        any        not affected
Fusion          2.x        Mac OS/X   not affected
Fusion          1.x        Mac OS/X   not affected
ESXi            4.0        ESXi       not affected
ESXi            3.5        ESXi       not affected
ESX             4.0        ESX        not affected
ESX             3.5        ESX        not affected
ESX             3.0.3      ESX        not affected
ESX             3.0.2      ESX        not affected
ESX             2.5.5      ESX        not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host.
- Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e
Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5
Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb
Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542
VMware Player 2.5.3
http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html
Player for Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e
Player for Linux (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b
Player for Linux - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974
Player for Linux - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4
VMware ACE 2.5.3
http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1
VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
- Change log
2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved.
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
Updated Packages:
Mandriva Linux 2007.0: 912f61ea5210fbb94d71eef7bb634903 2007.0/i586/apache-base-2.2.3-1.3mdv2007.0.i586.rpm cb04a945da63abf56db5b444a3360916 2007.0/i586/apache-devel-2.2.3-1.3mdv2007.0.i586.rpm f4c419b30cd6f6520d9c995b9edf7098 2007.0/i586/apache-htcacheclean-2.2.3-1.3mdv2007.0.i586.rpm 1a40e9af24dce5bec34c4264ae1bdce2 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.i586.rpm 333f116f1036dcc4a95612179f7a34bd 2007.0/i586/apache-mod_cache-2.2.3-1.3mdv2007.0.i586.rpm 717feaa8449934514872fde1dfb26ff8 2007.0/i586/apache-mod_dav-2.2.3-1.3mdv2007.0.i586.rpm 15d3661edb2fa693fcc16e890f2b25a1 2007.0/i586/apache-mod_dbd-2.2.3-1.3mdv2007.0.i586.rpm 90bdaeaea54a973f5e813a495d82b14b 2007.0/i586/apache-mod_deflate-2.2.3-1.3mdv2007.0.i586.rpm 52a5ee95962b1153467443fb608eb3d8 2007.0/i586/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.i586.rpm 8a0a950bfe0ce68ca498761e120d05da 2007.0/i586/apache-mod_file_cache-2.2.3-1.3mdv2007.0.i586.rpm 4f6b84375fd94d4467a3e3088de26a80 2007.0/i586/apache-mod_ldap-2.2.3-1.3mdv2007.0.i586.rpm fa98d84669215b56d3f64450af0d0f5d 2007.0/i586/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.i586.rpm 665f988fa0cc99b4b55b01565a2d3075 2007.0/i586/apache-mod_proxy-2.2.3-1.3mdv2007.0.i586.rpm a22e15e33709ec0fff4c453643094031 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.i586.rpm cca659746b2601dc61f8382c64d40206 2007.0/i586/apache-mod_ssl-2.2.3-1.3mdv2007.0.i586.rpm 208d8db690290b848c266593324c2a75 2007.0/i586/apache-mod_userdir-2.2.3-1.3mdv2007.0.i586.rpm 92a1be6ec8e7a0b274666ea7b2c8c47f 2007.0/i586/apache-modules-2.2.3-1.3mdv2007.0.i586.rpm 71670f17ade1c090567f4850c796bdef 2007.0/i586/apache-mpm-prefork-2.2.3-1.3mdv2007.0.i586.rpm dd78ed04d011e11e8872c606d4edfa93 2007.0/i586/apache-mpm-worker-2.2.3-1.3mdv2007.0.i586.rpm eb5785a9e04f14ac7788d43d18c39fcc 2007.0/i586/apache-source-2.2.3-1.3mdv2007.0.i586.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: b25f0ae69e8be8c807afb36a5b58e4a7 2007.0/x86_64/apache-base-2.2.3-1.3mdv2007.0.x86_64.rpm ec93723ef9b7a5e62dc6704461e2b034 2007.0/x86_64/apache-devel-2.2.3-1.3mdv2007.0.x86_64.rpm 200fac36fbd67d6cd1857272aa5147e7 2007.0/x86_64/apache-htcacheclean-2.2.3-1.3mdv2007.0.x86_64.rpm ac7ec3a712d56ce1a076f29439c042d4 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 126f880a37723b316f13f01c612883c5 2007.0/x86_64/apache-mod_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 69460daf3173b6c9f0d9f84c3597d81a 2007.0/x86_64/apache-mod_dav-2.2.3-1.3mdv2007.0.x86_64.rpm 52cf72324ae29121fe2e2c955808791f 2007.0/x86_64/apache-mod_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 17517cc4f69dec1f4ba1c08b242526e4 2007.0/x86_64/apache-mod_deflate-2.2.3-1.3mdv2007.0.x86_64.rpm a5a27827a3f488b9f31a231aad43eae7 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.x86_64.rpm f413791db00e648dc0fae00336340bf0 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 9d74a9b5ff153557cf361ca1726fd9b1 2007.0/x86_64/apache-mod_ldap-2.2.3-1.3mdv2007.0.x86_64.rpm b8fde6545785d79344d5a85b7bd88903 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.x86_64.rpm da3a732c1e41e62207085aefcd0fb99c 2007.0/x86_64/apache-mod_proxy-2.2.3-1.3mdv2007.0.x86_64.rpm df716921b9736859a712dea86b22c3f5 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.x86_64.rpm c69fd37756dbe81df897396e6c6413de 2007.0/x86_64/apache-mod_ssl-2.2.3-1.3mdv2007.0.x86_64.rpm a24b51c168be4a5d57a1d1b5a1401f83 2007.0/x86_64/apache-mod_userdir-2.2.3-1.3mdv2007.0.x86_64.rpm e481d9ceb7ffa6a6299417a6f7874c07 2007.0/x86_64/apache-modules-2.2.3-1.3mdv2007.0.x86_64.rpm 0917c7d2edab62a4c62e4dd6136dec93 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.3mdv2007.0.x86_64.rpm a98b13300b903a0219dc9de626ea1bbe 2007.0/x86_64/apache-mpm-worker-2.2.3-1.3mdv2007.0.x86_64.rpm e83551cd2c8365788b767f90c204a13d 2007.0/x86_64/apache-source-2.2.3-1.3mdv2007.0.x86_64.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.1: cb95db6136cbe28610e3e9baab45abeb 2007.1/i586/apache-base-2.2.4-6.4mdv2007.1.i586.rpm 6f9a4f9e658d51acdb9b8230a3ff8d10 2007.1/i586/apache-devel-2.2.4-6.4mdv2007.1.i586.rpm 71499b6f32722a7af4b664849eac6320 2007.1/i586/apache-htcacheclean-2.2.4-6.4mdv2007.1.i586.rpm 4c747fdb75063c7bb9bd50c0dbc59a5b 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.i586.rpm a3cae606ac80d807f84177c60e8455c8 2007.1/i586/apache-mod_cache-2.2.4-6.4mdv2007.1.i586.rpm 0f518e3f63d47d1c5a8193d95030f52d 2007.1/i586/apache-mod_dav-2.2.4-6.4mdv2007.1.i586.rpm 3ad5c633a0dcc187aad028f48dfb5b92 2007.1/i586/apache-mod_dbd-2.2.4-6.4mdv2007.1.i586.rpm 5fa41f5ac0caecb71c639f78222d8cee 2007.1/i586/apache-mod_deflate-2.2.4-6.4mdv2007.1.i586.rpm 1b4b5d31d1596eaa30987921d0ab07be 2007.1/i586/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.i586.rpm 597eb4248325c05c1fafae90378425d6 2007.1/i586/apache-mod_file_cache-2.2.4-6.4mdv2007.1.i586.rpm f868cb2c42e06ae77fe349c7d31e0958 2007.1/i586/apache-mod_ldap-2.2.4-6.4mdv2007.1.i586.rpm a8696226c9930799d1fbad199c5e7084 2007.1/i586/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.i586.rpm 2b62f69a3f58f1c572cbd8e961c11043 2007.1/i586/apache-mod_proxy-2.2.4-6.4mdv2007.1.i586.rpm bea2a28dc594b5fb8ef0591a7bb91714 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.i586.rpm 9719faa4845deef9dc95f4ceeefce0e6 2007.1/i586/apache-mod_ssl-2.2.4-6.4mdv2007.1.i586.rpm 938e503476cac7f68b57322494e8f471 2007.1/i586/apache-mod_userdir-2.2.4-6.4mdv2007.1.i586.rpm cd01ff99ebacfe90c317d253d7ac11c4 2007.1/i586/apache-modules-2.2.4-6.4mdv2007.1.i586.rpm 5d830472142486b008e84851f5befdf9 2007.1/i586/apache-mpm-event-2.2.4-6.4mdv2007.1.i586.rpm 48ec7cbe8edbd745cc8446f2d274d8b7 2007.1/i586/apache-mpm-itk-2.2.4-6.4mdv2007.1.i586.rpm ada3666e18e2c49eb4849afbdad60f75 2007.1/i586/apache-mpm-prefork-2.2.4-6.4mdv2007.1.i586.rpm 7830123c1e76e8d02ca0a140c2b5f6c6 2007.1/i586/apache-mpm-worker-2.2.4-6.4mdv2007.1.i586.rpm 6498cc5113689f513cbdcfae0a2a3ad4 
2007.1/i586/apache-source-2.2.4-6.4mdv2007.1.i586.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 839816f464191d3aff0882eac70cea40 2007.1/x86_64/apache-base-2.2.4-6.4mdv2007.1.x86_64.rpm ac4910f34cbf168df34cd123604b044b 2007.1/x86_64/apache-devel-2.2.4-6.4mdv2007.1.x86_64.rpm a4b4f9d518ed8621348527938f6a8230 2007.1/x86_64/apache-htcacheclean-2.2.4-6.4mdv2007.1.x86_64.rpm d554aa06a52bd72e20f035beedd50dcf 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 68659f413d0b1102c220b1b4824489b6 2007.1/x86_64/apache-mod_cache-2.2.4-6.4mdv2007.1.x86_64.rpm d92ec9a9deb7d188e644075a18951ae6 2007.1/x86_64/apache-mod_dav-2.2.4-6.4mdv2007.1.x86_64.rpm 07b06f6de52f0f107106cead6f47de2c 2007.1/x86_64/apache-mod_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 6bf077871aa95d08c934eacac7f1291e 2007.1/x86_64/apache-mod_deflate-2.2.4-6.4mdv2007.1.x86_64.rpm b16f793759b09e75b7e162a5d858d835 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 635452cc08657fa5da5b65dc40bf2c1b 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 7a238972b773975493d8931d573233ec 2007.1/x86_64/apache-mod_ldap-2.2.4-6.4mdv2007.1.x86_64.rpm 46704ca76800a5b967a4dd6e8efef986 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 3c23cff577f9697b719c90918ef91b44 2007.1/x86_64/apache-mod_proxy-2.2.4-6.4mdv2007.1.x86_64.rpm c4ea096a86cdab894cb59bb868b849f0 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.x86_64.rpm 01f40dde7c3c93606c82681af472815f 2007.1/x86_64/apache-mod_ssl-2.2.4-6.4mdv2007.1.x86_64.rpm 9ade922fc7d52d73a47ca5f3cb2c7525 2007.1/x86_64/apache-mod_userdir-2.2.4-6.4mdv2007.1.x86_64.rpm 5e7e44ef5703f1e4fe5a952e5a3f5239 2007.1/x86_64/apache-modules-2.2.4-6.4mdv2007.1.x86_64.rpm e1b06e559e600461e19f9ab0f21d94be 2007.1/x86_64/apache-mpm-event-2.2.4-6.4mdv2007.1.x86_64.rpm 9903bcc1c12a86a9c2f9483d0ef9685e 2007.1/x86_64/apache-mpm-itk-2.2.4-6.4mdv2007.1.x86_64.rpm ce244cc42b6c411d2e3264c6ac6e1a76 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.4mdv2007.1.x86_64.rpm 5989a935f4a0e20ac2844982e81cda83 
2007.1/x86_64/apache-mpm-worker-2.2.4-6.4mdv2007.1.x86_64.rpm 339fccde52210eca1bf7e3cf05b9ce0e 2007.1/x86_64/apache-source-2.2.4-6.4mdv2007.1.x86_64.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm
Mandriva Linux 2008.0: cb013d3f4f40e2dfe6a90e0a2a7cdd74 2008.0/i586/apache-base-2.2.6-8.1mdv2008.0.i586.rpm f2e8d6e8191794fac34ddc7fc0f38588 2008.0/i586/apache-devel-2.2.6-8.1mdv2008.0.i586.rpm 8456184db4de115db70e603dbe252456 2008.0/i586/apache-htcacheclean-2.2.6-8.1mdv2008.0.i586.rpm 9e8861daffdf9d6b0ab431b1c3c1fac9 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.i586.rpm de1f407b2eb4d84140686375d3497006 2008.0/i586/apache-mod_cache-2.2.6-8.1mdv2008.0.i586.rpm eaf010272f97a507f37a6145bb9de809 2008.0/i586/apache-mod_dav-2.2.6-8.1mdv2008.0.i586.rpm 4d1073009151607b47ffcedc96cdb834 2008.0/i586/apache-mod_dbd-2.2.6-8.1mdv2008.0.i586.rpm cfc6f2958ef8d117d1070e422078cdfa 2008.0/i586/apache-mod_deflate-2.2.6-8.1mdv2008.0.i586.rpm 3c423e687c0afc1b224e6535e16ec279 2008.0/i586/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.i586.rpm ef790e64feeaf1a9ee5c58fd7e3b359d 2008.0/i586/apache-mod_file_cache-2.2.6-8.1mdv2008.0.i586.rpm 8f86f4c499dfa14fb2daf4f8b578e150 2008.0/i586/apache-mod_ldap-2.2.6-8.1mdv2008.0.i586.rpm 21b1fc690f38b779ee79bed31c5fa3a2 2008.0/i586/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.i586.rpm 0ec954d20d7a080cc9a19c2146480897 2008.0/i586/apache-mod_proxy-2.2.6-8.1mdv2008.0.i586.rpm 50a87c9099f0c094c9fbb763e334fae9 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.i586.rpm 9d4e1c4a6614e70b77cd2e03e3baeaea 2008.0/i586/apache-mod_ssl-2.2.6-8.1mdv2008.0.i586.rpm 29346499f10a850f8011191b0d242709 2008.0/i586/apache-mod_userdir-2.2.6-8.1mdv2008.0.i586.rpm 21c5bc6f2861cc532c8b5dae3f3e1ee2 2008.0/i586/apache-modules-2.2.6-8.1mdv2008.0.i586.rpm 944b6d2f395f4d26deeef93f9ce55c5b 2008.0/i586/apache-mpm-event-2.2.6-8.1mdv2008.0.i586.rpm 0fc46d4eae684b21a9a98a6c876960b3 2008.0/i586/apache-mpm-itk-2.2.6-8.1mdv2008.0.i586.rpm ab00a26cd43e9045e66da620e9678412 2008.0/i586/apache-mpm-prefork-2.2.6-8.1mdv2008.0.i586.rpm 785499e86b70da53c76a7d3321da1b30 2008.0/i586/apache-mpm-worker-2.2.6-8.1mdv2008.0.i586.rpm c1ccaf747ebe4bd71f875f70c969d4e7 
2008.0/i586/apache-source-2.2.6-8.1mdv2008.0.i586.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 56b868f5c7a86b68666af13fe2a5c925 2008.0/x86_64/apache-base-2.2.6-8.1mdv2008.0.x86_64.rpm 16ca885969a1bd9d7f6d4a00a7c33095 2008.0/x86_64/apache-devel-2.2.6-8.1mdv2008.0.x86_64.rpm 76bcdbe509c56ec471ff767f5f7f925f 2008.0/x86_64/apache-htcacheclean-2.2.6-8.1mdv2008.0.x86_64.rpm 36fc978398d6b8f406f0913ecac5576e 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm d6644c5729325e3a0f7bda5ffe12523c 2008.0/x86_64/apache-mod_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 98e86f62995310727dc7b7343776c948 2008.0/x86_64/apache-mod_dav-2.2.6-8.1mdv2008.0.x86_64.rpm 7aa7da7cb9fc4f29071535620de42023 2008.0/x86_64/apache-mod_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm 8cb681d914e9619adf261dca86154538 2008.0/x86_64/apache-mod_deflate-2.2.6-8.1mdv2008.0.x86_64.rpm 1ebc35b8050495230d6809f97dd89731 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 7db7d64521dc4253edc59645e79a5e57 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 5624b75d6d1eb311e6332c6a7e10e42f 2008.0/x86_64/apache-mod_ldap-2.2.6-8.1mdv2008.0.x86_64.rpm e7049015c893a5a75d0c4bbc68e18615 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 910e8bcb28e00501ebd39aa9c30e3cad 2008.0/x86_64/apache-mod_proxy-2.2.6-8.1mdv2008.0.x86_64.rpm 2451f7726434398f715bac328422faa8 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.x86_64.rpm c6a102776378eecfbe64f87d2a4f261b 2008.0/x86_64/apache-mod_ssl-2.2.6-8.1mdv2008.0.x86_64.rpm 27a79220cf963ba1dfe6f17d6e66d3f5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.1mdv2008.0.x86_64.rpm e87a2f8d0e8cf23fe0cc3a7a44195f68 2008.0/x86_64/apache-modules-2.2.6-8.1mdv2008.0.x86_64.rpm 6224d03ea5169e71fd588ddff0b95f16 2008.0/x86_64/apache-mpm-event-2.2.6-8.1mdv2008.0.x86_64.rpm e61bcd69bd997a5cddacc2f58dd1f1b9 2008.0/x86_64/apache-mpm-itk-2.2.6-8.1mdv2008.0.x86_64.rpm 304a7257ba0104bb799c3ab6a09cb977 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.1mdv2008.0.x86_64.rpm d19f57238828efc73f24ff69c1dca341 
2008.0/x86_64/apache-mpm-worker-2.2.6-8.1mdv2008.0.x86_64.rpm e72351edf865715beac70996ca1ea09b 2008.0/x86_64/apache-source-2.2.6-8.1mdv2008.0.x86_64.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm
Corporate 4.0: 0c36f90139943f6564058fb6c9a0028c corporate/4.0/i586/apache-base-2.2.3-1.3.20060mlcs4.i586.rpm 2c23db7c0c820a6d05cf9e89e10d437b corporate/4.0/i586/apache-devel-2.2.3-1.3.20060mlcs4.i586.rpm 6729c4c238ea40547ca8ad4ad34fac39 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.3.20060mlcs4.i586.rpm 8c6b35f7192abf90e6af6a07c27099d0 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 6f3ae30580187b440261747c0f975ec6 corporate/4.0/i586/apache-mod_cache-2.2.3-1.3.20060mlcs4.i586.rpm 56dd118e6e37165e6638baab4e58d08e corporate/4.0/i586/apache-mod_dav-2.2.3-1.3.20060mlcs4.i586.rpm 6e3512489622cf59e0f32458d943f65b corporate/4.0/i586/apache-mod_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 7946432730bdac3ec21ca376f8f8ca12 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.3.20060mlcs4.i586.rpm eeac05dfe0a57512de566f6a2e1e105e corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.i586.rpm b50af44b3084fcff0bc6cff1ac50023f corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.i586.rpm a92816a879182cbca50ebace4bb5f193 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.3.20060mlcs4.i586.rpm 2ca6a18de738a817cb346f1eb31bf76a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.i586.rpm b984ff19a2458f844f62be84635060d1 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.3.20060mlcs4.i586.rpm b816b9c09345b92da5a0216f5e9db932 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.i586.rpm 240fb4ea33d91846fc083def26b19465 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.3.20060mlcs4.i586.rpm afcda5d86a48edba71a81a8fda0d0f75 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.3.20060mlcs4.i586.rpm 76705f36eb869b9a1520df0c09a7d1e9 corporate/4.0/i586/apache-modules-2.2.3-1.3.20060mlcs4.i586.rpm eb5bc900fa99aab700c29af7978ca44f corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.i586.rpm 57a7cb6d3fc97eca6c46685f606a3618 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.3.20060mlcs4.i586.rpm 804752d26fd2db2088cbc73ee9aee8f5 
corporate/4.0/i586/apache-source-2.2.3-1.3.20060mlcs4.i586.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 74d411bb422230857a8971a9ce428c0e corporate/4.0/x86_64/apache-base-2.2.3-1.3.20060mlcs4.x86_64.rpm 5ede29fb5e502fdc96dbb4722b69bb26 corporate/4.0/x86_64/apache-devel-2.2.3-1.3.20060mlcs4.x86_64.rpm dcecf6dece1ec0c083f924b8e545b864 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.3.20060mlcs4.x86_64.rpm b7bf0d94f575d6e1e42296b69e5d056b corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 6718af7bd108e06d8e6be0046473ce69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm fce075627de036b3d71a93ceafa6105e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.3.20060mlcs4.x86_64.rpm 973a484aed44fd0281c34a0227131400 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 359ad6bfc294b82d14788ea3f2fb5b1f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.3.20060mlcs4.x86_64.rpm ce014700683860f81922680ab29d335b corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm b918e9b9eeb06303a8b3f26f63666f74 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm 969c3cf38987f91d576de441e5781b5d corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.3.20060mlcs4.x86_64.rpm e3c4128b336c45e9470e57a1439cead9 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm e6c07bd0bed38660852db97807e0b3dd corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.3.20060mlcs4.x86_64.rpm d6b2621b48abe4c74ecd5e24e7c3c9f9 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.x86_64.rpm 166b443903e18e77afee950f368ae763 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.3.20060mlcs4.x86_64.rpm bcbd01a168655d57ad7dcbf424b4d91a corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.3.20060mlcs4.x86_64.rpm 3723d163f681e478e677c75a286f352e corporate/4.0/x86_64/apache-modules-2.2.3-1.3.20060mlcs4.x86_64.rpm f17cbd7d765045b30dd43f62efb7cfd3 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.x86_64.rpm 6e704ce4a8ab0b5817273af16b997ea2 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.3.20060mlcs4.x86_64.rpm 
f35f2e3795dba910451ac03ec63f8898 corporate/4.0/x86_64/apache-source-2.2.3-1.3.20060mlcs4.x86_64.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
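All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing the command below. An eight-digit key ID does not uniquely identify a key, so confirm the full fingerprint of the imported key against a trusted source before relying on it: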
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFHjmhKmqjQ0CJFipgRAkyLAJ4jEFMu2rAIE8XH60UDFYapm8fGgwCfaHL0 O/KXRt/gdgAAug5/9/aFGGA= =YkQ1 -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.
Kit Name Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.1 or earlier. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01607570 Version: 1
HPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-11-19 Last Updated: 2008-11-19
Potential Security Impact: Remote cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
References: CVE-2007-6388, CVE-2007-5000
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, and Solaris
BACKGROUND
CVSS 2.0 Base Metrics
Reference       Base Vector                      Base Score
CVE-2007-6388   (AV:N/AC:M/Au:N/C:N/I:P/A:N)     4.3
CVE-2007-5000   (AV:N/AC:M/Au:N/C:N/I:P/A:N)     4.3
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made patches available to resolve the vulnerabilities.
The patches are available from http://itrc.hp.com
OV NNM v7.53
Operating_System - HP-UX (IA) Resolved in Patch - PHSS_38148 or subsequent
Operating_System - HP-UX (PA) Resolved in Patch - PHSS_38147 or subsequent
Operating_System - Linux RedHatAS2.1 Resolved in Patch - LXOV_00085 or subsequent
Operating_System - Linux RedHat4AS-x86_64 Resolved in Patch - LXOV_00086 or subsequent
Operating_System - Solaris Resolved in Patch - PSOV_03514 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and install the patches listed above.
OV NNM v7.01
Operating_System - HP-UX (PA) Resolved in Patch - PHSS_38761 or subsequent
Operating_System - Solaris Resolved in Patch - PSOV_03516 or subsequent
MANUAL ACTIONS: Yes - NonUpdate Apply the appropriate file as described in the Resolution.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) ============= OVNNMgr.OVNNM-RUN action: install PHSS_38148 or subsequent URL: http://itrc.hp.com
HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: install PHSS_38147 or subsequent URL: http://itrc.hp.com
For HP-UX OV NNM 7.51 HP-UX B.11.31 HP-UX B.11.23 HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: upgrade NNM v7.51 to NNM v7.53 and apply the appropriate patches
For HP-UX OV NNM 7.01 HP-UX B.11.00 HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: install PHSS_38761 or subsequent URL: http://itrc.hp.com
END AFFECTED VERSIONS (for HP-UX)
HISTORY Version:1 (rev.1) - 19 November 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBSSQhVOAfOvwtKn1ZEQIlVQCg4n4fABzC24c9qQ5gz68oPLMVKI0AoMbs A2UIaH3YB7z+o42Tm7Eg7ahn =lskD -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200712-0594", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "http server", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "http server", "scope": "lte", "trust": 1.8, "vendor": "apache", "version": "1.3.39" }, { "model": "http server", "scope": "lte", "trust": 1.8, "vendor": 
"apache", "version": "2.0.61" }, { "model": "http server", "scope": "lte", "trust": 1.8, "vendor": "apache", "version": "2.2.6" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.3, "vendor": "suse", "version": "9" }, { "model": "server", "scope": "eq", "trust": 1.1, "vendor": "turbolinux", "version": "11" }, { "model": "personal", "scope": null, "trust": 1.1, "vendor": "turbolinux", "version": null }, { "model": "fuji", "scope": null, "trust": 1.1, "vendor": "turbolinux", "version": null }, { "model": "appliance server", "scope": "eq", "trust": 1.1, "vendor": "turbolinux", "version": "2.0" }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "2.0.47.1" }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "6.0.2.27" }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "1.3.28.1" }, { "model": "multimedia", "scope": null, "trust": 1.1, "vendor": "turbolinux", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "10.3" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "8" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "6.06" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "10.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "7.10" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "7" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "6.10" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "9" }, { 
"model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.35" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "7.04" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "1.3.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.2" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { 
"model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard l p", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard l p", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard l p", "version": "11.31" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise edition" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus server", "scope": 
"eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "web server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.0.15" }, { "model": "wanbooster", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "application stack", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "v1 for enterprise linux as (v.4)" }, { "model": "application stack", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "v1 for enterprise linux es (v.4)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (as)" }, { "model": "enterprise linux", "scope": "eq", 
"trust": 0.8, "vendor": "red hat", "version": "3 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "linux advanced workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "1.0 (hosting)" }, { "model": "appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "1.0 
(workgroup)" }, { "model": "server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "10" }, { "model": "server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "10 (x64)" }, { "model": "server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "11 (x64)" }, { "model": "server", "scope": "eq", "trust": 0.8, "vendor": "turbolinux", "version": "8" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.4" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.60" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.3" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.2" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.59" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.6" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.5" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.61" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.1" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.49" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, 
"vendor": "fujitsu", "version": "8.0.1" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "openvms secure web server", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.35" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "11x64" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "2.2.7-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, 
"vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.0" }, { "model": "-dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.56" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.13" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "9.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.34" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.28" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.1x86" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.39" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 
0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.32" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.2" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "appliance server hosting edition", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "1.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.51" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "advanced workstation for the itanium processor", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", 
"version": "2.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.35" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.22" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "novell linux desktop sdk", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.9" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "1.3.40-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "enterprise linux ws ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "11.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "linux lts i386", "scope": "eq", "trust": 
0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "messaging storage server mm3.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.43" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "openview network node manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.51" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.55" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "solaris 8 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.20" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.26" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "apache", 
"scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.37" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "openview network node manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.53" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.14" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.19" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.1" }, { "model": "hardware management console for pseries r1.3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.33" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage apworks standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", 
"version": "8.1" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "fuji", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.15" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.36" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "9.1" }, { "model": "hardware management console for iseries r1.3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "application stack for enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v14" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "openview network node manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.01" }, { 
"model": "appliance server workgroup edition", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.1" }, { "model": "advanced workstation for the itanium processor ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "8.0" }, { "model": "solaris 8 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.12" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.38" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "appliance platform linux service", "scope": "eq", "trust": 0.3, "vendor": 
"rpath", "version": "1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.47" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "2.0.61-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "2.0.62-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.44" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.24" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.0.63" }, { "model": "enterprise linux as ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.40" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, 
"vendor": "avaya", "version": "3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "application stack for enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v14" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "network proxy (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)5.0" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "business availability center", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.01" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1-1" }, { "model": "message networking mn", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.39" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "fedora", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.19" }, { "model": "aura application enablement services", "scope": "eq", "trust": 
0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.2" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "a9", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.27" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.58" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.54" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", 
"version": "5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.42" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.1-1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.37" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.36" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.1x86-64" }, { "model": "apache", "scope": "eq", "trust": 0.3, 
"vendor": "apache", "version": "1.3.32" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.41" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.29" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.6" }, { "model": "2.0.60-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "interstage apworks enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0.0x64" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.17" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "enterprise linux es ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.13" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "1.3.41" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": 
"http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.23" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.31" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" } ], "sources": [ { "db": "BID", "id": "26838" }, { "db": "JVNDB", "id": "JVNDB-2007-000819" }, { "db": "CNNVD", "id": "CNNVD-200712-135" }, { "db": "NVD", "id": "CVE-2007-5000" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:nec:wanbooster", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_application_stack", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000819" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Software Foundation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200712-135" } ], "trust": 0.6 }, "cve": "CVE-2007-5000", "cvss": { "@context": { "cvssV2": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2007-5000", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2007-000819", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-5000", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2007-000819", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200712-135", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2007-5000", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-5000" }, { 
"db": "JVNDB", "id": "JVNDB-2007-000819" }, { "db": "CNNVD", "id": "CNNVD-200712-135" }, { "db": "NVD", "id": "CVE-2007-5000" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nThis issue affects the following:\n- The \u0027mod_imagemap\u0027 module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0\n- The \u0027mod_imap\u0027 module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0. =========================================================== \nUbuntu Security Notice USN-575-1 February 04, 2008\napache2 vulnerabilities\nCVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000,\nCVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\nUbuntu 7.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. 
\n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-mpm-perchild 2.0.55-4ubuntu2.3\n apache2-mpm-prefork 2.0.55-4ubuntu2.3\n apache2-mpm-worker 2.0.55-4ubuntu2.3\n\nUbuntu 6.10:\n apache2-mpm-perchild 2.0.55-4ubuntu4.2\n apache2-mpm-prefork 2.0.55-4ubuntu4.2\n apache2-mpm-worker 2.0.55-4ubuntu4.2\n\nUbuntu 7.04:\n apache2-mpm-event 2.2.3-3.2ubuntu2.1\n apache2-mpm-perchild 2.2.3-3.2ubuntu2.1\n apache2-mpm-prefork 2.2.3-3.2ubuntu2.1\n apache2-mpm-worker 2.2.3-3.2ubuntu2.1\n\nUbuntu 7.10:\n apache2-mpm-event 2.2.4-3ubuntu0.1\n apache2-mpm-perchild 2.2.4-3ubuntu0.1\n apache2-mpm-prefork 2.2.4-3ubuntu0.1\n apache2-mpm-worker 2.2.4-3ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that Apache did not sanitize the Expect header from\nan HTTP request when it is reflected back in an error message, which\ncould result in browsers becoming vulnerable to cross-site scripting\nattacks when processing the output. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data (such as passwords),\nwithin the same domain. This was only vulnerable in Ubuntu 6.06. A remote\nattacker could send Apache crafted date headers and cause a denial of\nservice via application crash. By default, mod_proxy is disabled in\nUbuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a\ncharacter set, which could result in browsers becoming vulnerable\nto cross-site scripting attacks when processing the output. 
By\ndefault, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status when status pages were available,\nallowed for cross-site scripting attacks. By default, mod_status is\ndisabled in Ubuntu. By default,\nmod_proxy_balancer is disabled in Ubuntu. This was only vulnerable\nin Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to\ndereference a NULL pointer. A remote attacker could send a crafted\nrequest and cause a denial of service via application crash. By\ndefault, mod_proxy_balancer is disabled in Ubuntu. This was only\nvulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz\n Size/MD5: 121305 10359a467847b63f8d6603081450fece\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc\n Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb\n Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 171402 3b7567107864cf36953e7911a4851738\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 172186 85a591ea061cbc727fc261b046781502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 94240 b80027348754c493312269f7410b38fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 285664 76f4879738a0a788414316581ac2010b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 144250 3cd8327429958569a306257da57e8be0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 786052 7bdddb451607eeb2abb9706641675397\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 171408 
34209e19f6ef01cb08aa75c1b3045495\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 215932 bee4a6e00371117203647fd3a311658a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 219800 aaf4968deba24912e4981f35a367a086\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 93282 1ae6def788c74750d79055784c0d8006\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 267832 96c149638daeb993250b18c9f4285abf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 130082 
7a62f71e679a233ca118cb9813ffd3e3\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz\n Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc\n Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb\n Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 145340 109c93408c5197be50960cce80c23b7c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209552 8a23207211e54b138d5a87c15c097908\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 171636 07616e459905bad152a8669c8f670436\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 222022 e37ef7d710800e568d838242d3129725\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb\n 
Size/MD5: 208354 0a571678c269d1da06787dac56567f1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212052 90754ccdcd95e652413426376078d223\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz\n Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc\n Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 971426 30db1106dfea5106da54d2287c02a380\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 403974 65a11cfaee921517445cf74ed04df701\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434308 2073137bb138dc52bbace666714f4e14\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 343774 880faca3543426734431c29de77c3048\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz\n Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc\n Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz\n Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 278032 4f8270cff0a532bd059741b366047da9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 42192 
3f0351337b9c5d21ceea4b92a3911040\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 435354 f3557e1a87154424e9144cf672110e93\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8\n\n. The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . Summary\n\n Updated VMware Hosted products address security issues in libpng and\n the Apache HTTP Server. \n\n2. Relevant releases\n\n VMware Workstation 6.5.2 and earlier,\n VMware Player 2.5.2 and earlier,\n VMware ACE 2.5.2 and earlier\n\n3. Problem Description\n\n a. Third Party Library libpng Updated to 1.2.35\n\n Several flaws were discovered in the way third party library libpng\n handled uninitialized pointers. An attacker could create a PNG image\n file in such a way, that when loaded by an application linked to\n libpng, it could cause the application to crash or execute arbitrary\n code at the privilege level of the user that runs the application. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0040 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any 6.5.3 build 185404 or later\n\n Player 2.5.x any 2.5.3 build 185404 or later\n\n ACE 2.5.x any 2.5.3 build 185404 or later\n\n Server 2.x any patch pending\n Server 1.x any patch pending\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected *\n\n * The libpng update for the Service Console of ESX 2.5.5 is\n documented in VMSA-2009-0007. \n\n b. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,\n CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the\n issues that have been addressed by this update. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any not affected\n\n Player 2.5.x any not affected\n\n ACE 2.5.x Windows 2.5.3 build 185404 or later\n ACE 2.5.x Linux update Apache on host system *\n\n Server 2.x any not affected\n Server 1.x any not affected\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n * The Apache HTTP Server is not part of an ACE install on a Linux\n host. \n\n4. 
Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. \n\n VMware Workstation 6.5.3\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html\n\n For Windows\n\n Workstation for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 7565d16b7d7e0173b90c3b76ca4656bc\n sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1\n\n For Linux\n\n Workstation for Linux 32-bit\n Linux 32-bit .rpm\n md5sum: 4d55c491bd008ded0ea19f373d1d1fd4\n sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e\n\n Workstation for Linux 32-bit\n Linux 32-bit .bundle\n md5sum: d4a721c1918c0e8a87c6fa4bad49ad35\n sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5\n\n Workstation for Linux 64-bit\n Linux 64-bit .rpm\n md5sum: 72adfdb03de4959f044fcb983412ae7c\n sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb\n\n Workstation for Linux 64-bit\n Linux 64-bit .bundle\n md5sum: 83e1f0c94d6974286256c4d3b559e854\n sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542\n\n\n VMware Player 2.5.3\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n http://www.vmware.com/support/player25/doc/releasenotes_player253.html\n\n Player for Windows binary\n\nhttp://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe\n md5sum: fe28f193374c9457752ee16cd6cad4e7\n sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04\n\n Player for Linux (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm\n md5sum: c99cd65f19fdfc7651bcb7f328b73bc2\n sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e\n\n Player for Linux (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle\n md5sum: 210f4cb5615bd3b2171bc054b9b2bac5\n sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b\n\n Player for Linux - 64-bit 
(.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm\n md5sum: f91576ef90b322d83225117ae9335968\n sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974\n\n Player for Linux - 64-bit (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle\n md5sum: 595d44d7945c129b1aeb679d2f001b05\n sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4\n\n\n VMware ACE 2.5.3\n ----------------\n http://www.vmware.com/download/ace/\n Release notes:\n http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html\n\n ACE Management Server Virtual Appliance\n AMS Virtual Appliance .zip\n md5sum: 44cc7b86353047f02cf6ea0653e38418\n sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1\n\n VMware ACE for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for Windows\n Windows .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for SUSE Enterprise Linux 9\n SLES 9 .rpm\n md5sum: a4fc92d7197f0d569361cdf4b8cca642\n sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75\n\n ACE Management Server for Red Hat Enterprise Linux 4\n RHEL 4 .rpm\n md5sum: 841005151338c8b954f08d035815fd58\n sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e\n\n\n5. 
References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-08-20 VMSA-2009-0010\nInitial security advisory after release of Workstation 6.5.3,\nPlayer 2.5.3, and ACE 2.5.3 on 2009-08-20. \n\n\n- ------------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. \n \n The updated packages have been patched to correct these issues. 
\n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 912f61ea5210fbb94d71eef7bb634903 2007.0/i586/apache-base-2.2.3-1.3mdv2007.0.i586.rpm\n cb04a945da63abf56db5b444a3360916 2007.0/i586/apache-devel-2.2.3-1.3mdv2007.0.i586.rpm\n f4c419b30cd6f6520d9c995b9edf7098 2007.0/i586/apache-htcacheclean-2.2.3-1.3mdv2007.0.i586.rpm\n 1a40e9af24dce5bec34c4264ae1bdce2 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.i586.rpm\n 333f116f1036dcc4a95612179f7a34bd 2007.0/i586/apache-mod_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 717feaa8449934514872fde1dfb26ff8 2007.0/i586/apache-mod_dav-2.2.3-1.3mdv2007.0.i586.rpm\n 15d3661edb2fa693fcc16e890f2b25a1 2007.0/i586/apache-mod_dbd-2.2.3-1.3mdv2007.0.i586.rpm\n 90bdaeaea54a973f5e813a495d82b14b 2007.0/i586/apache-mod_deflate-2.2.3-1.3mdv2007.0.i586.rpm\n 52a5ee95962b1153467443fb608eb3d8 2007.0/i586/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 8a0a950bfe0ce68ca498761e120d05da 2007.0/i586/apache-mod_file_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 4f6b84375fd94d4467a3e3088de26a80 2007.0/i586/apache-mod_ldap-2.2.3-1.3mdv2007.0.i586.rpm\n fa98d84669215b56d3f64450af0d0f5d 2007.0/i586/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 665f988fa0cc99b4b55b01565a2d3075 2007.0/i586/apache-mod_proxy-2.2.3-1.3mdv2007.0.i586.rpm\n a22e15e33709ec0fff4c453643094031 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.i586.rpm\n cca659746b2601dc61f8382c64d40206 2007.0/i586/apache-mod_ssl-2.2.3-1.3mdv2007.0.i586.rpm\n 208d8db690290b848c266593324c2a75 
2007.0/i586/apache-mod_userdir-2.2.3-1.3mdv2007.0.i586.rpm\n 92a1be6ec8e7a0b274666ea7b2c8c47f 2007.0/i586/apache-modules-2.2.3-1.3mdv2007.0.i586.rpm\n 71670f17ade1c090567f4850c796bdef 2007.0/i586/apache-mpm-prefork-2.2.3-1.3mdv2007.0.i586.rpm\n dd78ed04d011e11e8872c606d4edfa93 2007.0/i586/apache-mpm-worker-2.2.3-1.3mdv2007.0.i586.rpm\n eb5785a9e04f14ac7788d43d18c39fcc 2007.0/i586/apache-source-2.2.3-1.3mdv2007.0.i586.rpm \n f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n b25f0ae69e8be8c807afb36a5b58e4a7 2007.0/x86_64/apache-base-2.2.3-1.3mdv2007.0.x86_64.rpm\n ec93723ef9b7a5e62dc6704461e2b034 2007.0/x86_64/apache-devel-2.2.3-1.3mdv2007.0.x86_64.rpm\n 200fac36fbd67d6cd1857272aa5147e7 2007.0/x86_64/apache-htcacheclean-2.2.3-1.3mdv2007.0.x86_64.rpm\n ac7ec3a712d56ce1a076f29439c042d4 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm\n 126f880a37723b316f13f01c612883c5 2007.0/x86_64/apache-mod_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n 69460daf3173b6c9f0d9f84c3597d81a 2007.0/x86_64/apache-mod_dav-2.2.3-1.3mdv2007.0.x86_64.rpm\n 52cf72324ae29121fe2e2c955808791f 2007.0/x86_64/apache-mod_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm\n 17517cc4f69dec1f4ba1c08b242526e4 2007.0/x86_64/apache-mod_deflate-2.2.3-1.3mdv2007.0.x86_64.rpm\n a5a27827a3f488b9f31a231aad43eae7 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n f413791db00e648dc0fae00336340bf0 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n 9d74a9b5ff153557cf361ca1726fd9b1 2007.0/x86_64/apache-mod_ldap-2.2.3-1.3mdv2007.0.x86_64.rpm\n b8fde6545785d79344d5a85b7bd88903 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n da3a732c1e41e62207085aefcd0fb99c 2007.0/x86_64/apache-mod_proxy-2.2.3-1.3mdv2007.0.x86_64.rpm\n df716921b9736859a712dea86b22c3f5 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.x86_64.rpm\n c69fd37756dbe81df897396e6c6413de 2007.0/x86_64/apache-mod_ssl-2.2.3-1.3mdv2007.0.x86_64.rpm\n 
a24b51c168be4a5d57a1d1b5a1401f83 2007.0/x86_64/apache-mod_userdir-2.2.3-1.3mdv2007.0.x86_64.rpm\n e481d9ceb7ffa6a6299417a6f7874c07 2007.0/x86_64/apache-modules-2.2.3-1.3mdv2007.0.x86_64.rpm\n 0917c7d2edab62a4c62e4dd6136dec93 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.3mdv2007.0.x86_64.rpm\n a98b13300b903a0219dc9de626ea1bbe 2007.0/x86_64/apache-mpm-worker-2.2.3-1.3mdv2007.0.x86_64.rpm\n e83551cd2c8365788b767f90c204a13d 2007.0/x86_64/apache-source-2.2.3-1.3mdv2007.0.x86_64.rpm \n f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n cb95db6136cbe28610e3e9baab45abeb 2007.1/i586/apache-base-2.2.4-6.4mdv2007.1.i586.rpm\n 6f9a4f9e658d51acdb9b8230a3ff8d10 2007.1/i586/apache-devel-2.2.4-6.4mdv2007.1.i586.rpm\n 71499b6f32722a7af4b664849eac6320 2007.1/i586/apache-htcacheclean-2.2.4-6.4mdv2007.1.i586.rpm\n 4c747fdb75063c7bb9bd50c0dbc59a5b 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.i586.rpm\n a3cae606ac80d807f84177c60e8455c8 2007.1/i586/apache-mod_cache-2.2.4-6.4mdv2007.1.i586.rpm\n 0f518e3f63d47d1c5a8193d95030f52d 2007.1/i586/apache-mod_dav-2.2.4-6.4mdv2007.1.i586.rpm\n 3ad5c633a0dcc187aad028f48dfb5b92 2007.1/i586/apache-mod_dbd-2.2.4-6.4mdv2007.1.i586.rpm\n 5fa41f5ac0caecb71c639f78222d8cee 2007.1/i586/apache-mod_deflate-2.2.4-6.4mdv2007.1.i586.rpm\n 1b4b5d31d1596eaa30987921d0ab07be 2007.1/i586/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.i586.rpm\n 597eb4248325c05c1fafae90378425d6 2007.1/i586/apache-mod_file_cache-2.2.4-6.4mdv2007.1.i586.rpm\n f868cb2c42e06ae77fe349c7d31e0958 2007.1/i586/apache-mod_ldap-2.2.4-6.4mdv2007.1.i586.rpm\n a8696226c9930799d1fbad199c5e7084 2007.1/i586/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.i586.rpm\n 2b62f69a3f58f1c572cbd8e961c11043 2007.1/i586/apache-mod_proxy-2.2.4-6.4mdv2007.1.i586.rpm\n bea2a28dc594b5fb8ef0591a7bb91714 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.i586.rpm\n 9719faa4845deef9dc95f4ceeefce0e6 2007.1/i586/apache-mod_ssl-2.2.4-6.4mdv2007.1.i586.rpm\n 
938e503476cac7f68b57322494e8f471 2007.1/i586/apache-mod_userdir-2.2.4-6.4mdv2007.1.i586.rpm\n cd01ff99ebacfe90c317d253d7ac11c4 2007.1/i586/apache-modules-2.2.4-6.4mdv2007.1.i586.rpm\n 5d830472142486b008e84851f5befdf9 2007.1/i586/apache-mpm-event-2.2.4-6.4mdv2007.1.i586.rpm\n 48ec7cbe8edbd745cc8446f2d274d8b7 2007.1/i586/apache-mpm-itk-2.2.4-6.4mdv2007.1.i586.rpm\n ada3666e18e2c49eb4849afbdad60f75 2007.1/i586/apache-mpm-prefork-2.2.4-6.4mdv2007.1.i586.rpm\n 7830123c1e76e8d02ca0a140c2b5f6c6 2007.1/i586/apache-mpm-worker-2.2.4-6.4mdv2007.1.i586.rpm\n 6498cc5113689f513cbdcfae0a2a3ad4 2007.1/i586/apache-source-2.2.4-6.4mdv2007.1.i586.rpm \n a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 839816f464191d3aff0882eac70cea40 2007.1/x86_64/apache-base-2.2.4-6.4mdv2007.1.x86_64.rpm\n ac4910f34cbf168df34cd123604b044b 2007.1/x86_64/apache-devel-2.2.4-6.4mdv2007.1.x86_64.rpm\n a4b4f9d518ed8621348527938f6a8230 2007.1/x86_64/apache-htcacheclean-2.2.4-6.4mdv2007.1.x86_64.rpm\n d554aa06a52bd72e20f035beedd50dcf 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm\n 68659f413d0b1102c220b1b4824489b6 2007.1/x86_64/apache-mod_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n d92ec9a9deb7d188e644075a18951ae6 2007.1/x86_64/apache-mod_dav-2.2.4-6.4mdv2007.1.x86_64.rpm\n 07b06f6de52f0f107106cead6f47de2c 2007.1/x86_64/apache-mod_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm\n 6bf077871aa95d08c934eacac7f1291e 2007.1/x86_64/apache-mod_deflate-2.2.4-6.4mdv2007.1.x86_64.rpm\n b16f793759b09e75b7e162a5d858d835 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n 635452cc08657fa5da5b65dc40bf2c1b 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n 7a238972b773975493d8931d573233ec 2007.1/x86_64/apache-mod_ldap-2.2.4-6.4mdv2007.1.x86_64.rpm\n 46704ca76800a5b967a4dd6e8efef986 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n 3c23cff577f9697b719c90918ef91b44 
2007.1/x86_64/apache-mod_proxy-2.2.4-6.4mdv2007.1.x86_64.rpm\n c4ea096a86cdab894cb59bb868b849f0 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.x86_64.rpm\n 01f40dde7c3c93606c82681af472815f 2007.1/x86_64/apache-mod_ssl-2.2.4-6.4mdv2007.1.x86_64.rpm\n 9ade922fc7d52d73a47ca5f3cb2c7525 2007.1/x86_64/apache-mod_userdir-2.2.4-6.4mdv2007.1.x86_64.rpm\n 5e7e44ef5703f1e4fe5a952e5a3f5239 2007.1/x86_64/apache-modules-2.2.4-6.4mdv2007.1.x86_64.rpm\n e1b06e559e600461e19f9ab0f21d94be 2007.1/x86_64/apache-mpm-event-2.2.4-6.4mdv2007.1.x86_64.rpm\n 9903bcc1c12a86a9c2f9483d0ef9685e 2007.1/x86_64/apache-mpm-itk-2.2.4-6.4mdv2007.1.x86_64.rpm\n ce244cc42b6c411d2e3264c6ac6e1a76 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.4mdv2007.1.x86_64.rpm\n 5989a935f4a0e20ac2844982e81cda83 2007.1/x86_64/apache-mpm-worker-2.2.4-6.4mdv2007.1.x86_64.rpm\n 339fccde52210eca1bf7e3cf05b9ce0e 2007.1/x86_64/apache-source-2.2.4-6.4mdv2007.1.x86_64.rpm \n a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n cb013d3f4f40e2dfe6a90e0a2a7cdd74 2008.0/i586/apache-base-2.2.6-8.1mdv2008.0.i586.rpm\n f2e8d6e8191794fac34ddc7fc0f38588 2008.0/i586/apache-devel-2.2.6-8.1mdv2008.0.i586.rpm\n 8456184db4de115db70e603dbe252456 2008.0/i586/apache-htcacheclean-2.2.6-8.1mdv2008.0.i586.rpm\n 9e8861daffdf9d6b0ab431b1c3c1fac9 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.i586.rpm\n de1f407b2eb4d84140686375d3497006 2008.0/i586/apache-mod_cache-2.2.6-8.1mdv2008.0.i586.rpm\n eaf010272f97a507f37a6145bb9de809 2008.0/i586/apache-mod_dav-2.2.6-8.1mdv2008.0.i586.rpm\n 4d1073009151607b47ffcedc96cdb834 2008.0/i586/apache-mod_dbd-2.2.6-8.1mdv2008.0.i586.rpm\n cfc6f2958ef8d117d1070e422078cdfa 2008.0/i586/apache-mod_deflate-2.2.6-8.1mdv2008.0.i586.rpm\n 3c423e687c0afc1b224e6535e16ec279 2008.0/i586/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.i586.rpm\n ef790e64feeaf1a9ee5c58fd7e3b359d 2008.0/i586/apache-mod_file_cache-2.2.6-8.1mdv2008.0.i586.rpm\n 8f86f4c499dfa14fb2daf4f8b578e150 
2008.0/i586/apache-mod_ldap-2.2.6-8.1mdv2008.0.i586.rpm\n 21b1fc690f38b779ee79bed31c5fa3a2 2008.0/i586/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.i586.rpm\n 0ec954d20d7a080cc9a19c2146480897 2008.0/i586/apache-mod_proxy-2.2.6-8.1mdv2008.0.i586.rpm\n 50a87c9099f0c094c9fbb763e334fae9 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.i586.rpm\n 9d4e1c4a6614e70b77cd2e03e3baeaea 2008.0/i586/apache-mod_ssl-2.2.6-8.1mdv2008.0.i586.rpm\n 29346499f10a850f8011191b0d242709 2008.0/i586/apache-mod_userdir-2.2.6-8.1mdv2008.0.i586.rpm\n 21c5bc6f2861cc532c8b5dae3f3e1ee2 2008.0/i586/apache-modules-2.2.6-8.1mdv2008.0.i586.rpm\n 944b6d2f395f4d26deeef93f9ce55c5b 2008.0/i586/apache-mpm-event-2.2.6-8.1mdv2008.0.i586.rpm\n 0fc46d4eae684b21a9a98a6c876960b3 2008.0/i586/apache-mpm-itk-2.2.6-8.1mdv2008.0.i586.rpm\n ab00a26cd43e9045e66da620e9678412 2008.0/i586/apache-mpm-prefork-2.2.6-8.1mdv2008.0.i586.rpm\n 785499e86b70da53c76a7d3321da1b30 2008.0/i586/apache-mpm-worker-2.2.6-8.1mdv2008.0.i586.rpm\n c1ccaf747ebe4bd71f875f70c969d4e7 2008.0/i586/apache-source-2.2.6-8.1mdv2008.0.i586.rpm \n 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 56b868f5c7a86b68666af13fe2a5c925 2008.0/x86_64/apache-base-2.2.6-8.1mdv2008.0.x86_64.rpm\n 16ca885969a1bd9d7f6d4a00a7c33095 2008.0/x86_64/apache-devel-2.2.6-8.1mdv2008.0.x86_64.rpm\n 76bcdbe509c56ec471ff767f5f7f925f 2008.0/x86_64/apache-htcacheclean-2.2.6-8.1mdv2008.0.x86_64.rpm\n 36fc978398d6b8f406f0913ecac5576e 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm\n d6644c5729325e3a0f7bda5ffe12523c 2008.0/x86_64/apache-mod_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 98e86f62995310727dc7b7343776c948 2008.0/x86_64/apache-mod_dav-2.2.6-8.1mdv2008.0.x86_64.rpm\n 7aa7da7cb9fc4f29071535620de42023 2008.0/x86_64/apache-mod_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm\n 8cb681d914e9619adf261dca86154538 2008.0/x86_64/apache-mod_deflate-2.2.6-8.1mdv2008.0.x86_64.rpm\n 1ebc35b8050495230d6809f97dd89731 
2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 7db7d64521dc4253edc59645e79a5e57 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 5624b75d6d1eb311e6332c6a7e10e42f 2008.0/x86_64/apache-mod_ldap-2.2.6-8.1mdv2008.0.x86_64.rpm\n e7049015c893a5a75d0c4bbc68e18615 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 910e8bcb28e00501ebd39aa9c30e3cad 2008.0/x86_64/apache-mod_proxy-2.2.6-8.1mdv2008.0.x86_64.rpm\n 2451f7726434398f715bac328422faa8 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.x86_64.rpm\n c6a102776378eecfbe64f87d2a4f261b 2008.0/x86_64/apache-mod_ssl-2.2.6-8.1mdv2008.0.x86_64.rpm\n 27a79220cf963ba1dfe6f17d6e66d3f5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.1mdv2008.0.x86_64.rpm\n e87a2f8d0e8cf23fe0cc3a7a44195f68 2008.0/x86_64/apache-modules-2.2.6-8.1mdv2008.0.x86_64.rpm\n 6224d03ea5169e71fd588ddff0b95f16 2008.0/x86_64/apache-mpm-event-2.2.6-8.1mdv2008.0.x86_64.rpm\n e61bcd69bd997a5cddacc2f58dd1f1b9 2008.0/x86_64/apache-mpm-itk-2.2.6-8.1mdv2008.0.x86_64.rpm\n 304a7257ba0104bb799c3ab6a09cb977 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.1mdv2008.0.x86_64.rpm\n d19f57238828efc73f24ff69c1dca341 2008.0/x86_64/apache-mpm-worker-2.2.6-8.1mdv2008.0.x86_64.rpm\n e72351edf865715beac70996ca1ea09b 2008.0/x86_64/apache-source-2.2.6-8.1mdv2008.0.x86_64.rpm \n 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm\n\n Corporate 4.0:\n 0c36f90139943f6564058fb6c9a0028c corporate/4.0/i586/apache-base-2.2.3-1.3.20060mlcs4.i586.rpm\n 2c23db7c0c820a6d05cf9e89e10d437b corporate/4.0/i586/apache-devel-2.2.3-1.3.20060mlcs4.i586.rpm\n 6729c4c238ea40547ca8ad4ad34fac39 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.3.20060mlcs4.i586.rpm\n 8c6b35f7192abf90e6af6a07c27099d0 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.i586.rpm\n 6f3ae30580187b440261747c0f975ec6 corporate/4.0/i586/apache-mod_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n 56dd118e6e37165e6638baab4e58d08e 
corporate/4.0/i586/apache-mod_dav-2.2.3-1.3.20060mlcs4.i586.rpm\n 6e3512489622cf59e0f32458d943f65b corporate/4.0/i586/apache-mod_dbd-2.2.3-1.3.20060mlcs4.i586.rpm\n 7946432730bdac3ec21ca376f8f8ca12 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.3.20060mlcs4.i586.rpm\n eeac05dfe0a57512de566f6a2e1e105e corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n b50af44b3084fcff0bc6cff1ac50023f corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n a92816a879182cbca50ebace4bb5f193 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.3.20060mlcs4.i586.rpm\n 2ca6a18de738a817cb346f1eb31bf76a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n b984ff19a2458f844f62be84635060d1 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.3.20060mlcs4.i586.rpm\n b816b9c09345b92da5a0216f5e9db932 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.i586.rpm\n 240fb4ea33d91846fc083def26b19465 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.3.20060mlcs4.i586.rpm\n afcda5d86a48edba71a81a8fda0d0f75 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.3.20060mlcs4.i586.rpm\n 76705f36eb869b9a1520df0c09a7d1e9 corporate/4.0/i586/apache-modules-2.2.3-1.3.20060mlcs4.i586.rpm\n eb5bc900fa99aab700c29af7978ca44f corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.i586.rpm\n 57a7cb6d3fc97eca6c46685f606a3618 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.3.20060mlcs4.i586.rpm\n 804752d26fd2db2088cbc73ee9aee8f5 corporate/4.0/i586/apache-source-2.2.3-1.3.20060mlcs4.i586.rpm \n ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 74d411bb422230857a8971a9ce428c0e corporate/4.0/x86_64/apache-base-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 5ede29fb5e502fdc96dbb4722b69bb26 corporate/4.0/x86_64/apache-devel-2.2.3-1.3.20060mlcs4.x86_64.rpm\n dcecf6dece1ec0c083f924b8e545b864 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.3.20060mlcs4.x86_64.rpm\n b7bf0d94f575d6e1e42296b69e5d056b 
corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 6718af7bd108e06d8e6be0046473ce69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n fce075627de036b3d71a93ceafa6105e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 973a484aed44fd0281c34a0227131400 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 359ad6bfc294b82d14788ea3f2fb5b1f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.3.20060mlcs4.x86_64.rpm\n ce014700683860f81922680ab29d335b corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n b918e9b9eeb06303a8b3f26f63666f74 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 969c3cf38987f91d576de441e5781b5d corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.3.20060mlcs4.x86_64.rpm\n e3c4128b336c45e9470e57a1439cead9 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n e6c07bd0bed38660852db97807e0b3dd corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.3.20060mlcs4.x86_64.rpm\n d6b2621b48abe4c74ecd5e24e7c3c9f9 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 166b443903e18e77afee950f368ae763 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.3.20060mlcs4.x86_64.rpm\n bcbd01a168655d57ad7dcbf424b4d91a corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 3723d163f681e478e677c75a286f352e corporate/4.0/x86_64/apache-modules-2.2.3-1.3.20060mlcs4.x86_64.rpm\n f17cbd7d765045b30dd43f62efb7cfd3 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 6e704ce4a8ab0b5817273af16b997ea2 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.3.20060mlcs4.x86_64.rpm\n f35f2e3795dba910451ac03ec63f8898 corporate/4.0/x86_64/apache-source-2.2.3-1.3.20060mlcs4.x86_64.rpm \n ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. 
The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.8 (GNU/Linux)\n\niD8DBQFHjmhKmqjQ0CJFipgRAkyLAJ4jEFMu2rAIE8XH60UDFYapm8fGgwCfaHL0\nO/KXRt/gdgAAug5/9/aFGGA=\n=YkQ1\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.1 or earlier. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01607570\nVersion: 1\n\nHPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. 
\n\nRelease Date: 2008-11-19\nLast Updated: 2008-11-19\n\nPotential Security Impact: Remote cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS). \n\nReferences: CVE-2007-6388, CVE-2007-5000\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, and Solaris\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n\nRESOLUTION\n\nHP has made patches available to resolve the vulnerabilities. \n\nThe patches are available from http://itrc.hp.com \n\nOV NNM v7.53 \n===========\nOperating_System - HP-UX (IA)\nResolved in Patch - PHSS_38148 or subsequent\n \nOperating_System - HP-UX (PA)\nResolved in Patch - PHSS_38147 or subsequent\n \nOperating_System - Linux RedHatAS2.1 \nResolved in Patch - LXOV_00085 or subsequent\n \nOperating_System - Linux RedHat4AS-x86_64 \nResolved in Patch - LXOV_00086 or subsequent\n \nOperating_System - Solaris\nResolved in Patch - PSOV_03514 or subsequent\n \nOV NNM v7.51 \n===========\nUpgrade to NNM v7.53 and install the patches listed above. \n\nOV NNM v7.01 \n===========\nOperating_System - HP-UX (PA)\nResolved in Patch - PHSS_38761 or subsequent\n \nOperating_System - Solaris\nResolved in Patch - PSOV_03516 or subsequent\n \n\nMANUAL ACTIONS: Yes - NonUpdate \nApply the appropriate file as described in the Resolution. 
\n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS (for HP-UX)\n\nFor HP-UX OV NNM 7.53 \nHP-UX B.11.31 \nHP-UX B.11.23 (IA) \n============= \nOVNNMgr.OVNNM-RUN \naction: install PHSS_38148 or subsequent \nURL: http://itrc.hp.com \n\nHP-UX B.11.23 (PA) \nHP-UX B.11.11 \n============= \nOVNNMgr.OVNNM-RUN \naction: install PHSS_38147 or subsequent \nURL: http://itrc.hp.com \n\nFor HP-UX OV NNM 7.51 \nHP-UX B.11.31 \nHP-UX B.11.23 \nHP-UX B.11.11 \n============= \nOVNNMgr.OVNNM-RUN \naction: upgrade NNM v7.51 to NNM v7.53 and apply the appropriate patches \n\nFor HP-UX OV NNM 7.01 \nHP-UX B.11.00 \nHP-UX B.11.11 \n============= \nOVNNMgr.OVNNM-RUN \naction: install PHSS_38761 or subsequent \nURL: http://itrc.hp.com \n\nEND AFFECTED VERSIONS (for HP-UX)\n\nHISTORY \nVersion:1 (rev.1) - 19 November 2008 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. 
\nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. 
HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n©Copyright 2008 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBSSQhVOAfOvwtKn1ZEQIlVQCg4n4fABzC24c9qQ5gz68oPLMVKI0AoMbs\nA2UIaH3YB7z+o42Tm7Eg7ahn\n=lskD\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2007-5000" }, { "db": "JVNDB", "id": "JVNDB-2007-000819" }, { "db": "BID", "id": "26838" }, { "db": "VULMON", "id": "CVE-2007-5000" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62720" }, { "db": "PACKETSTORM", "id": "89987" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "62721" }, { "db": "PACKETSTORM", "id": "101257" }, { "db": "PACKETSTORM", "id": "63217" }, { "db": "PACKETSTORM", "id": "72120" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-5000", "trust": 3.7 }, { "db": "SECUNIA", "id": "28046", "trust": 2.5 }, { "db": "SECUNIA", "id": "28073", "trust": 2.5 }, { "db": "BID", "id": "26838", "trust": 2.0 }, { "db": "USCERT", "id": "TA08-150A", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-4201", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0178", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0809", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-4202", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1875", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0084", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-4301", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1623", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1224", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0398", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0924", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1697", "trust": 1.7 }, { "db": "SECUNIA", "id": "29988", "trust": 1.7 }, { "db": "SECUNIA", "id": "29420", "trust": 1.7 
}, { "db": "SECUNIA", "id": "28081", "trust": 1.7 }, { "db": "SECUNIA", "id": "28471", "trust": 1.7 }, { "db": "SECUNIA", "id": "28375", "trust": 1.7 }, { "db": "SECUNIA", "id": "28749", "trust": 1.7 }, { "db": "SECUNIA", "id": "28467", "trust": 1.7 }, { "db": "SECUNIA", "id": "28526", "trust": 1.7 }, { "db": "SECUNIA", "id": "28922", "trust": 1.7 }, { "db": "SECUNIA", "id": "28750", "trust": 1.7 }, { "db": "SECUNIA", "id": "28607", "trust": 1.7 }, { "db": "SECUNIA", "id": "29640", "trust": 1.7 }, { "db": "SECUNIA", "id": "28525", "trust": 1.7 }, { "db": "SECUNIA", "id": "32800", "trust": 1.7 }, { "db": "SECUNIA", "id": "30732", "trust": 1.7 }, { "db": "SECUNIA", "id": "29806", "trust": 1.7 }, { "db": "SECUNIA", "id": "28977", "trust": 1.7 }, { "db": "SECUNIA", "id": "30430", "trust": 1.7 }, { "db": "SECUNIA", "id": "31142", "trust": 1.7 }, { "db": "SECUNIA", "id": "30356", "trust": 1.7 }, { "db": "SECUNIA", "id": "28196", "trust": 1.7 }, { "db": "SECTRACK", "id": "1019093", "trust": 1.7 }, { "db": "OSVDB", "id": "39134", "trust": 1.7 }, { "db": "JVN", "id": "JVN80057925", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-000819", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200712-135", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2007-5000", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "63262", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62720", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "89987", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80533", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62719", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62721", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101257", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "63217", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "72120", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-5000" }, { "db": "BID", "id": "26838" }, { "db": "JVNDB", "id": "JVNDB-2007-000819" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62720" }, { "db": 
"PACKETSTORM", "id": "89987" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "62721" }, { "db": "PACKETSTORM", "id": "101257" }, { "db": "PACKETSTORM", "id": "63217" }, { "db": "PACKETSTORM", "id": "72120" }, { "db": "CNNVD", "id": "CNNVD-200712-135" }, { "db": "NVD", "id": "CVE-2007-5000" } ] }, "id": "VAR-200712-0594", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-29T20:29:16.733000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 1.3.41", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_13.html#1.3.41" }, { "title": "Fixed in Apache httpd 2.0.63", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.63" }, { "title": "Fixed in Apache httpd 2.2.8", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.8" }, { "title": "Revision 603282", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=603282" }, { "title": "Security Update 2008-002", "trust": 0.8, "url": "http://docs.info.apple.com/article.html?artnum=307562-en" }, { "title": "Security Update 2008-003", "trust": 0.8, "url": "http://support.apple.com/kb/HT1897" }, { "title": "httpd-2.2.3-11.3.1AX", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=94" }, { "title": "interstage_as_200801", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200801.html" }, { "title": 
"JVN#80057925", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-80057925.html" }, { "title": "HS07-042", "trust": 0.8, "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-042_e/index-e.html" }, { "title": "HPSBUX02308", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01345501" }, { "title": "4019245", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "title": "PK58024", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024" }, { "title": "PK65782", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK65782" }, { "title": "7008517", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61015" }, { "title": "PK63273", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026context=SSEQTJ\u0026uid=swg1PK63273\u0026loc=en_US\u0026cs=utf-8\u0026cc=US\u0026lang=all" }, { "title": "7005198", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27005198#60" }, { "title": "7007033", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007033#60227" }, { "title": "1205", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1205" }, { "title": "1224", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1224" }, { "title": "1221", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1221" }, { "title": "NV07-013", "trust": 0.8, "url": "http://www.nec.co.jp/security-info/secinfo/nv07-013.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices", "trust": 0.8, "url": 
"http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html" }, { "title": "RHSA-2008:0004", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0004.html" }, { "title": "RHSA-2008:0005", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0005.html" }, { "title": "RHSA-2008:0006", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0006.html" }, { "title": "RHSA-2008:0007", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0007.html" }, { "title": "RHSA-2008:0008", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0008.html" }, { "title": "July 2013 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2013_critical_patch_update" }, { "title": "233623", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233623-1" }, { "title": "TLSA-2007-56", "trust": 0.8, "url": "http://www.turbolinux.com/security/2007/TLSA-2007-56.txt" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-575-1" }, { "title": "Debian CVElist Bug Report Logs: apache2: CVE-2007-4465", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8a7503dd359ab44b424a9918eb8a6f66" }, { "title": "", "trust": 0.1, "url": "https://github.com/kasem545/vulnsearch " }, { "title": "", "trust": 0.1, "url": "https://github.com/SecureAxom/strike " } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-5000" }, { "db": "JVNDB", "id": "JVNDB-2007-000819" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000819" }, { "db": "NVD", "id": "CVE-2007-5000" } ] }, 
"references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://secunia.com/advisories/28046" }, { "trust": 2.5, "url": "http://secunia.com/advisories/28073" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk58024" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk58074" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html" }, { "trust": 2.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-032.htm" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk63273" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/26838" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1019093" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28081" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28196" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28375" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:014" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:015" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0004.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0005.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0006.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0007.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0008.html" }, { "trust": 1.7, "url": 
"http://secunia.com/advisories/28467" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28471" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:016" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28525" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28526" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28607" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28749" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28750" }, { "trust": 1.7, "url": "http://www.osvdb.org/39134" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-february/msg00562.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-february/msg00541.html" }, { "trust": 1.7, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28977" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28922" }, { "trust": 1.7, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1" }, { "trust": 1.7, "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29420" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29640" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29806" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0009.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29988" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30356" }, { 
"trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html" }, { "trust": 1.7, "url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30430" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31142" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30732" }, { "trust": 1.7, "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0178" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/4202" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/4301" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0809/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/1224/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/4201" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/1623/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0084" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0398" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/1875/references" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32800" }, { "trust": 1.7, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01345501" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39002" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39001" }, { "trust": 1.7, "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9539" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 1.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2007/4201" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2007/4202" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn80057925/index.html" }, { "trust": 0.8, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5000" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_13.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." 
}, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005" }, { "trust": 0.4, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.4, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.4, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "https://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c01607570\u0026admit=109447627+1227181083938+28353475" }, { "trust": 0.3, "url": " http://www.phptoys.com/product/micro-news.html" }, { "trust": 0.3, "url": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.readme.html#mh01110" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233623-1" }, { "trust": 0.3, "url": "http://www.apache.org/dist/httpd/announcement1.3.html" }, { "trust": 0.3, "url": "http://www.apache.org/dist/httpd/announcement2.0.html" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-026.htm" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-031.htm" }, { "trust": 0.3, "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.by3b3q..t.dhzu.1jro.hzoeej00" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0004.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0005.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0006.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0007.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0008.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0263.html" }, { "trust": 0.3, "url": 
"http://rhn.redhat.com/errata/rhsa-2008-0523.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6421" }, { "trust": 0.3, "url": "http://www.mandriva.com/security/" }, { "trust": 0.3, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/575-1/" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, 
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 
0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, 
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb" 
}, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb" }, { 
"trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364" }, { "trust": 0.1, "url": "http://support.openview.hp.com/support.jsp" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420" }, { "trust": 
0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/player25/doc/releasenotes_player253.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ace/" }, { "trust": 0.1, "url": "http://www.vmware.com/download/player/" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ws/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.exe" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.bundle" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.bundle" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0040" }, { "trust": 0.1, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6422" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6421" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2006-3738" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3378" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4887" }, { "trust": 0.1, "url": "http://itrc.hp.com" } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-5000" }, { "db": "BID", "id": "26838" }, { "db": "JVNDB", "id": "JVNDB-2007-000819" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62720" }, { "db": "PACKETSTORM", "id": "89987" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "62721" }, { "db": "PACKETSTORM", "id": "101257" }, { "db": "PACKETSTORM", "id": "63217" }, { "db": "PACKETSTORM", "id": "72120" }, { "db": "CNNVD", "id": "CNNVD-200712-135" }, { "db": "NVD", "id": "CVE-2007-5000" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2007-5000" }, { "db": "BID", "id": "26838" }, { "db": "JVNDB", "id": "JVNDB-2007-000819" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62720" }, { "db": "PACKETSTORM", "id": "89987" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "62721" }, { "db": "PACKETSTORM", "id": "101257" }, { "db": "PACKETSTORM", "id": "63217" }, { "db": "PACKETSTORM", "id": "72120" }, { "db": "CNNVD", "id": "CNNVD-200712-135" }, { "db": "NVD", "id": "CVE-2007-5000" } ] }, 
"sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-12-13T00:00:00", "db": "VULMON", "id": "CVE-2007-5000" }, { "date": "2007-12-12T00:00:00", "db": "BID", "id": "26838" }, { "date": "2008-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000819" }, { "date": "2008-02-05T00:41:56", "db": "PACKETSTORM", "id": "63262" }, { "date": "2008-01-17T05:57:19", "db": "PACKETSTORM", "id": "62720" }, { "date": "2010-05-27T05:11:37", "db": "PACKETSTORM", "id": "89987" }, { "date": "2009-08-23T16:31:17", "db": "PACKETSTORM", "id": "80533" }, { "date": "2008-01-17T05:56:17", "db": "PACKETSTORM", "id": "62719" }, { "date": "2008-01-17T05:59:17", "db": "PACKETSTORM", "id": "62721" }, { "date": "2011-05-10T00:45:11", "db": "PACKETSTORM", "id": "101257" }, { "date": "2008-02-04T18:22:06", "db": "PACKETSTORM", "id": "63217" }, { "date": "2008-11-20T19:21:09", "db": "PACKETSTORM", "id": "72120" }, { "date": "2007-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-200712-135" }, { "date": "2007-12-13T18:46:00", "db": "NVD", "id": "CVE-2007-5000" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-07T00:00:00", "db": "VULMON", "id": "CVE-2007-5000" }, { "date": "2015-04-13T21:15:00", "db": "BID", "id": "26838" }, { "date": "2013-07-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000819" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-200712-135" }, { "date": "2024-11-21T00:36:54.707000", "db": "NVD", "id": "CVE-2007-5000" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200712-135" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting vulnerability in Apache HTTP Server \"mod_imap\" and \"mod_imagemap\"", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000819" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "62720" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "62721" }, { "db": "PACKETSTORM", "id": "72120" }, { "db": "CNNVD", "id": "CNNVD-200712-135" } ], "trust": 1.1 } }
var-201405-0502
Vulnerability from variot
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. This vulnerability is due to an insufficient fix for CVE-2014-0113. Through a crafted request, a third party may "manipulate" the ClassLoader and change the session state. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.2 are vulnerable.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0502", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.16.1" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.15.1" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": 
"2.3.8" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.7" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.4.1" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.15.3" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.3" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.15.2" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.16.2" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.4" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.4" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.8" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.9" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.14.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.10" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.14.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.11" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.1.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.0" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.14" }, { "model": "struts", "scope": 
"eq", "trust": 1.0, "vendor": "apache", "version": "2.2.1.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.5" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.8.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.3.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.11.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.12" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.6" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.8" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.7" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.4" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.11.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.13" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.12" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.5" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": 
"2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.6" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.16" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.14" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.1.2" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v9.1" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "security risk management v1.0.0 to v2.1.3" }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator" }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.3.16.3" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v5.1 to v5.2" }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.5" }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "pc security" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, 
"vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "2.x" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager lite v2.0" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business analytics modeling server" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 3.0.10 and earlier" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.3 to v8.4" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v6.1 to v6.5" }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "esmpro/servermanager", "scope": "lte", "trust": 0.8, "vendor": "nec", "version": "ver5.75 and earlier" }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v5.1 to v5.2" }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.0" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 2.3.16 and earlier" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business process manager analytics" }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "cloud middle set b set" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager st ard v2.0" }, { "model": "webotx", "scope": 
"eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v6.1 to v6.5" }, { "model": "connections", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "3.0.1.1 and earlier" }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager enterprise v7.1" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "extreme transaction processing server" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "5.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v5.1 to v5.2" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v8.2 to v8.4 (with developers studio only )\"" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "mobile manager" }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v5.1 to v5.2" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v9.1 to v9.2 (with developers studio only )\"" }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": 
"apache", "version": "2.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "software foundation struts", "scope": "eq", 
"trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" } ], "sources": [ { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:struts", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:ibm:connections", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:mysql", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:esmpro_servermanager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:infocage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_portal", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:triole", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002411" } ] 
}, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zubair Ashraf of IBM X-Force", "sources": [ { "db": "BID", "id": "67218" } ], "trust": 0.3 }, "cve": "CVE-2014-0116", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2014-0116", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0116", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0116", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201405-150", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-0116", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. This vulnerability CVE-2014-0113 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation \" And the session state may change. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.2 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2014-0116" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "BID", "id": "67218" }, { "db": "VULMON", "id": "CVE-2014-0116" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0116", "trust": 2.8 }, { "db": "BID", "id": "67218", "trust": 2.0 }, { "db": "SECUNIA", "id": "59816", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2014-002411", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201405-150", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-0116", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "id": "VAR-201405-0502", "iot": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2024-11-23T21:45:09.999000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1680848", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848" }, { "title": "1681190", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190" }, { "title": "NV15-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Bug 1094558", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558" }, { "title": "Huawei-SA-20140707-01-Struts2", "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "S2-022", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html" }, { "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html" }, { "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: 
Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html" }, { "title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html" }, { "title": "Red Hat: CVE-2014-0116", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0116" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "-maven-security-versions", "trust": 0.1, "url": "https://github.com/nagauker/-maven-security-versions " }, { "title": "maven-security-versions-Travis", "trust": 0.1, "url": "https://github.com/klee94/maven-security-versions-Travis " }, { "title": "maven-security-versions", "trust": 0.1, "url": "https://github.com/victims/maven-security-versions " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/tmpgit3000/victims " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/alexsh88/victims " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/67218" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59816" }, { "trust": 1.7, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0116" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0116" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34163" }, { "trust": 0.1, "url": "https://github.com/victims/maven-security-versions" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-05-08T00:00:00", "db": "VULMON", "id": "CVE-2014-0116" }, { "date": "2014-05-06T00:00:00", "db": "BID", "id": "67218" }, { "date": "2014-05-09T00:00:00", "db": "JVNDB", "id": 
"JVNDB-2014-002411" }, { "date": "2014-05-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-150" }, { "date": "2014-05-08T10:55:02.967000", "db": "NVD", "id": "CVE-2014-0116" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-12T00:00:00", "db": "VULMON", "id": "CVE-2014-0116" }, { "date": "2015-04-16T18:14:00", "db": "BID", "id": "67218" }, { "date": "2016-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "date": "2019-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-150" }, { "date": "2024-11-21T02:01:24.537000", "db": "NVD", "id": "CVE-2014-0116" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-150" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Struts of CookieInterceptor In ClassLoader Vulnerability manipulated", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002411" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-150" } ], "trust": 0.6 } }
var-200711-0538
Vulnerability from variot
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. It is reported that, in order to use this problem to perform cross-site scripting attacks, the attacker must first get the user to submit a malicious HTTP method. An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gentoo Linux Security Advisory GLSA 200803-19
http://security.gentoo.org/
Severity: Normal Title: Apache: Multiple vulnerabilities Date: March 11, 2008 Bugs: #201163, #204410, #205195, #209899 ID: 200803-19
Synopsis
Multiple vulnerabilities have been discovered in Apache.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.2.8 >= 2.2.8
Description
Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is "413 Request Entity too large" (CVE-2007-6203). The mod_proxy_balancer module does not properly check the balancer name before using it (CVE-2007-6422). The mod_proxy_ftp module does not define a charset in its answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported that filenames are not properly sanitized within the mod_negotiation module (CVE-2008-0455, CVE-2008-0456).
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.8"
References
[ 1 ] CVE-2007-6203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203 [ 2 ] CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 [ 3 ] CVE-2008-0005 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 [ 4 ] CVE-2008-0455 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0455 [ 5 ] CVE-2008-0456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-19.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or, alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. =========================================================== Ubuntu Security Notice USN-731-1 March 10, 2009 apache2 vulnerabilities CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168, CVE-2008-2364, CVE-2008-2939 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.4 apache2-mpm-perchild 2.0.55-4ubuntu2.4 apache2-mpm-prefork 2.0.55-4ubuntu2.4 apache2-mpm-worker 2.0.55-4ubuntu2.4
Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.2 apache2-mpm-perchild 2.2.4-3ubuntu0.2 apache2-mpm-prefork 2.2.4-3ubuntu0.2 apache2-mpm-worker 2.2.4-3ubuntu0.2 apache2.2-common 2.2.4-3ubuntu0.2
Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.4 apache2-mpm-perchild 2.2.8-1ubuntu0.4 apache2-mpm-prefork 2.2.8-1ubuntu0.4 apache2-mpm-worker 2.2.8-1ubuntu0.4 apache2.2-common 2.2.8-1ubuntu0.4
In general, a standard system upgrade is sufficient to effect the necessary changes. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2007-6203)
It was discovered that Apache was vulnerable to a cross-site request forgery (CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420)
It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. (CVE-2008-1678)
It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168)
It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. (CVE-2008-2364)
It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2008-2939)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz
Size/MD5: 123478 7a5b444231dc27ee60c1bd63f42420c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc
Size/MD5: 1156 4f9a0f31d136914cf7d6e1a92656a47b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb
Size/MD5: 2124948 5153435633998e4190b54eb101afd271
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 833336 d5b9ecf82467eb04a94957321c4a95a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 228588 f4b9b82016eb22a60da83ae716fd028a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 223600 2cf77e3daaadcc4e07da5e19ecac2867
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 228216 60ff106ddefe9b68c055825bcd6ec52f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 171724 bae5e3d30111e97d34b25594993ad488
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 172508 77bdf00092378c89ae8be7f5139963e0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 94562 f3a168c57db1f5be11cfdba0bdc20062
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 36618 a7f34da28f7bae0cffb3fdb73da70143
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 286028 a5b380d9c6a651fe043ad2358ef61143
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 144590 9a4031c258cfa264fb8baf305bc0cea6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 786528 353ed1839a8201d0211ede114565e60d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 203256 7b0caa06fd47a28a8a92d1b69c0b4667
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 199114 6a77314579722ca085726e4220be4e9f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 202654 ffad2838e3c8c79ecd7e21f79aa78216
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 171716 771492b2b238424e33e3e7853185c0ca
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 172498 b5f7a4ed03ebafa4c4ff75c05ebf53b7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 92520 787a673994d746b4ad3788c16516832a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 36620 4d5f0f18c3035f41cb8234af3cc1092c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 262082 d6a7111b9f2ed61e1aeb2f18f8713873
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 132518 5a335222829c066cb9a0ddcaeee8a0da
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 859446 cf555341c1a8b4a39808b8a3bd76e03a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 220622 85b902b9eecf3d40577d9e1e8bf61467
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 216314 146e689e30c6e1681048f6cf1dd659e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 220128 10f65b3961a164e070d2f18d610df67b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 171726 9e341f225cb19d5c44f343cc68c0bba5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 172512 331dff8d3de7cd694d8e115417bed4f8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 104284 7ab80f14cd9072d23389e27f934079f3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 36620 713bfffcca8ec4e9531c635069f1cd0d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 281600 ad1671807965e2291b5568c7b4e95e14
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 141744 6b04155aa1dbf6f657dbfa27d6086617
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 803706 f14be1535acf528f89d301c8ec092015
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 211028 28b74d86e10301276cadef208b460658
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 206566 6d6b2e1e3e0bbf8fc0a0bcca60a33339
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 210280 45690384f2e7e0a2168d7867283f9145
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 171732 6595a330344087593a9443b9cdf5e4ba
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 172498 f1ac3a442b21db9d2733e8221b218e25
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 93606 f229d1c258363d2d0dfb3688ec96638e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 36616 6f470e2e17dfc6d587fbe2bf861bfb06
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 268178 5a853d01127853405a677c53dc2bf254
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 130456 a0a51bb9405224948b88903779347427
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz
Size/MD5: 125080 c5c1b91f6918d42a75d23e95799b3707
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc
Size/MD5: 1333 b028e602b998a666681d1aa73b980c06
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 2211750 9dc3a7e0431fe603bbd82bf647d2d1f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 278670 985dd1538d0d2c6bb74c458eaada1cb7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 6702036 3cdb5e1a9d22d7172adfd066dd42d71a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 42846 ba7b0cbf7f33ac3b6321c132bc2fec71
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 457286 b37825dc4bb0215284181aa5dfc9dd44
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 453094 380ea917048a64c2c9bc12d768ac2ffa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 456804 b075ef4e563a55c7977af4d82d90e493
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 410658 6dff5030f33af340b2100e8591598d9d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 411244 9c79a2c0a2d4d8a88fae1b3f10d0e27c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 348256 ef1e159b64fe2524dc94b6ab9e22cefb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 992256 0e9bac368bc57637079f839bcce8ebbc
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 440388 bdb2ced3ca782cda345fcfb109e8b02a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 436030 44d372ff590a6e42a83bcd1fb5e546fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 439732 5119be595fb6ac6f9dd94d01353da257
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 410656 01be0eca15fe252bbcab7562462af5ca
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 411250 10d8929e9d37050488f2906fde13b2fd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 347322 d229c56720ae5f1f83645f66e1bfbdf1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 947460 3dc120127b16134b42e0124a1fdfa4ab
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 439896 8e856643ebeed84ffbeb6150f6e917c5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 435524 ce18d9e09185526c93c6af6db7a6b5cf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 439180 9622bf2dfee7941533faedd2e2d4ebbd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 410674 684ad4367bc9250468351b5807dee424
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 411258 17f53e8d3898607ce155dc333237690c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 347664 1197aa4145372ae6db497fb157cb0da1
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 939924 470a7163e2834781b2db0689750ce0f2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 458848 4efbbcc96f05a03301a13448f9cb3c01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 454226 1fe4c7712fd4597ed37730a27df95113
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 458134 5786d901931cecd340cc1879e27bcef7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 410676 9fc94d5b21a8b0f7f8aab9dc60339abf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 411266 c44cde12a002910f9df02c10cdd26b0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 367392 612ddcebee145f765163a0b30124393a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 1094288 72fd7d87f4876648d1e14a5022c61b00
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 441650 28e5a2c2d18239c0810b6de3584af221
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 437796 3ee7408c58fbdf8de6bf681970c1c9ad
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 441114 b1b1bb871fe0385ea4418d533f0669aa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 410676 cf7bed097f63e3c24337813621866498
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 411252 5a30177f7039f52783576e126cf042d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 350468 ce216a4e9739966cd2aca4262ba0ea4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 959090 98ad8ee7328f25e1e81e110bbfce10c2
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz
Size/MD5: 132376 1a3c4e93f08a23c3a3323cb02f5963b6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc
Size/MD5: 1379 ed1a1e5de71b0e35100f60b21f959db4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 1928164 86b52d997fe3e4baf9712be0562eed2d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 72176 1f4efe37abf317c3c42c4c0a79a4f232
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 6254152 fe271b0e4aa0cf80e99b866c23707b6a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 45090 3f44651df13cfd495d7c33dda1c709ea
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 252272 3d27b0311303e7c5912538fb7d4fc37c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 247850 1ce7ff6190c21da119d98b7568f2e5d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 251658 ac7bc78b449cf8d28d4c10478c6f1409
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 204658 66e95c370f2662082f3ec41e4a033877
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 205336 6b1e7e0ab97b7dd4470c153275f1109c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 140940 cad14e08ab48ca8eb06480c0db686779
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 801764 3759103e3417d44bea8866399ba34a66
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 235194 dddbc62f458d9f1935087a072e1c6f67
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 230748 db0a1dc277de5886655ad7b1cc5b0f1a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 234542 0e4997e9ed55d6086c439948cf1347ff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 204672 1f58383838b3b9f066e855af9f4e47e0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 205348 fa032fc136c5b26ccf364289a93a1cda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 139904 b503316d420ccb7efae5082368b95e01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 754788 140fddccc1a6d3dc743d37ab422438c2
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 234752 bc06d67259257109fe8fc17204bc9950
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 230424 9421376c8f6d64e5c87af4f484b8aacf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 233908 179236460d7b7b71dff5e1d1ac9f0509
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 204664 764d773d28d032767d697eec6c6fd50a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 205342 2891770939b51b1ca6b8ac8ca9142db1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 140478 4a062088427f1d8b731e06d64eb7e2ea
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 748672 b66dbda7126616894cf97eb93a959af9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 253368 bad43203ed4615216bf28f6da7feb81b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 248800 aa757fd46cd79543a020dcd3c6aa1b26
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 252904 682a940b7f3d14333037c80f7f01c793
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 204678 30af6c826869b647bc60ed2d99cc30f7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 205376 cd02ca263703a6049a6fe7e11f72c98a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 157662 df6cdceecb8ae9d25bbd614142da0151
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 904904 34581d1b3c448a5de72a06393557dd48
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 236418 2eda543f97646f966f5678e2f2a0ba90
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 232386 69e2419f27867b77d94a652a83478ad7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 235788 414a49286d9e8dd7b343bd9207dc727b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 204668 f7d099cd9d3ebc0baccbdd896c94a88f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 205352 0a5cb5dfd823b4e6708a9bcc633a90cd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 143108 ad78ead4ac992aec97983704b1a3877f
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 763946 0d40a8ebecfef8c1a099f2170fcddb73
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01905287 Version: 1
HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-10-21 Last Updated: 2009-10-21
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.
References: CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.05 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.12
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location:
URL http://software.hp.com
Note: HP-UX Web Server Suite v3.06 contains HP-UX Apache-based Web Server v2.2.8.05 Note: HP-UX Web Server Suite v2.27 contains HP-UX Apache-based Web Server v2.0.59.12
Web Server Suite Version HP-UX Release Depot name
Web Server v3.06 B.11.23 and B.11.31 PA-32 HPUX22SATW-1123-32.depot
Web Server v3.06 B.11.23 and B.11.31 IA-64 HPUX22SATW-1123-64.depot
Web Server v2.27 B.11.11 PA-32 HPUXSATW-1111-64-32.depot
Web Server v2.27 B.11.23 PA-32 and IA-64 HPUXWSATW-1123-64-bit.depot
Web Server v2.27 B.11.31 IA-32 and IA-64 HPUXSATW-1131-64.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server from the Apache Web Server Suite v2.27 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.06 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Web Server Suite before v3.06 HP-UX B.11.23 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 action: install revision B.2.2.8.05 or subsequent
HP-UX B.11.31
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.8.05 or subsequent
For Web Server Suite before v2.27 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent
HP-UX B.11.23
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent
HP-UX B.11.31
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 21 October 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEUEARECAAYFAkrguYgACgkQ4B86/C0qfVliOACWIZufVcaJyE/ap8OAmQqT87S7 hQCeKCPftsEV+4JPzQKz4B+EnYzQsJ0= =TAoy -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200711-0538", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.1.3" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.4" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", 
"version": "2.0.58" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.1.2" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.1.1" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.1.5" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.2" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.0.59" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.3" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.1.4" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.46" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.57" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.48" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.50" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.49" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.52" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.51" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.8" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.54" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.7" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.47" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.6" }, { "model": "http server", 
"scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.55" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.53" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.0.62" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.2.7" }, { "model": "http server", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "2.0.47.1" }, { "model": "http server", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.0.2.27" }, { "model": "http server", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.1.0.15" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.2" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "2.0" }, { "model": "turbolinux fuji", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "turbolinux multimedia", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "turbolinux personal", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10 (x64)" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "11" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "11 (x64)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": 
"hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise edition" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "web server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", 
"version": "standard" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise 
edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.58" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.54" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "11x64" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1x86-64" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.13" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": 
"server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "11" }, { "model": "personal", "scope": null, "trust": 0.3, "vendor": "turbolinux", "version": null }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "software foundation apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.2.8" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.49" }, { "model": "novell linux desktop sdk", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": 
"interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1x86" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "appliance server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "2.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.19" }, { "model": "hardware management console for pseries r1.3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": 
"2.0.51" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "fuji", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.15" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "hardware management console for iseries r1.3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.55" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.7" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.47.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.47" }, { "model": "interstage application server web-j edition", "scope": "eq", 
"trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": 
"ubuntu", "version": "7.10" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.3" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.12" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0.0x64" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.13" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.27" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.23" }, { "model": "multimedia", "scope": null, "trust": 0.3, "vendor": "turbolinux", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": 
"apache", "version": "2.1.6" } ], "sources": [ { "db": "BID", "id": "26663" }, { "db": "JVNDB", "id": "JVNDB-2007-001017" }, { "db": "CNNVD", "id": "CNNVD-200712-012" }, { "db": "NVD", "id": "CVE-2007-6203" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", 
"vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001017" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Amit Klein Amit.Klein@SanctumInc.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200712-012" } ], "trust": 0.6 }, "cve": "CVE-2007-6203", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2007-6203", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", 
"version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-6203", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2007-6203", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200712-012", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2007-6203", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-6203" }, { "db": "JVNDB", "id": "JVNDB-2007-001017" }, { "db": "CNNVD", "id": "CNNVD-200712-012" }, { "db": "NVD", "id": "CVE-2007-6203" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. In order to use this problem to perform cross-site scripting attacks, the attacker is malicious to the user. HTTP It is reported as a prerequisite to have the method submitted. \nAn attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. \nApache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200803-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache: Multiple vulnerabilities\n Date: March 11, 2008\n Bugs: #201163, #204410, #205195, #209899\n ID: 200803-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in Apache. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.2.8 \u003e= 2.2.8\n\nDescription\n===========\n\nAdrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method\nspecifier header is not properly sanitized when the HTTP return code is\n\"413 Request Entity too large\" (CVE-2007-6203). The mod_proxy_balancer\nmodule does not properly check the balancer name before using it\n(CVE-2007-6422). The mod_proxy_ftp does not define a charset in its\nanswers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported\nthat filenames are not properly sanitized within the mod_negociation\nmodule (CVE-2008-0455, CVE-2008-0456). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.8\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-6203\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203\n [ 2 ] CVE-2007-6422\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422\n [ 3 ] CVE-2008-0005\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n [ 4 ] CVE-2008-0455\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0455\n [ 5 ] CVE-2008-0456\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200803-19.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. ===========================================================\nUbuntu Security Notice USN-731-1 March 10, 2009\napache2 vulnerabilities\nCVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168,\nCVE-2008-2364, CVE-2008-2939\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 7.10\nUbuntu 8.04 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. 
\n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.4\n apache2-mpm-perchild 2.0.55-4ubuntu2.4\n apache2-mpm-prefork 2.0.55-4ubuntu2.4\n apache2-mpm-worker 2.0.55-4ubuntu2.4\n\nUbuntu 7.10:\n apache2-mpm-event 2.2.4-3ubuntu0.2\n apache2-mpm-perchild 2.2.4-3ubuntu0.2\n apache2-mpm-prefork 2.2.4-3ubuntu0.2\n apache2-mpm-worker 2.2.4-3ubuntu0.2\n apache2.2-common 2.2.4-3ubuntu0.2\n\nUbuntu 8.04 LTS:\n apache2-mpm-event 2.2.8-1ubuntu0.4\n apache2-mpm-perchild 2.2.8-1ubuntu0.4\n apache2-mpm-prefork 2.2.8-1ubuntu0.4\n apache2-mpm-worker 2.2.8-1ubuntu0.4\n apache2.2-common 2.2.8-1ubuntu0.4\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. With cross-site scripting vulnerabilities, if a user were tricked into\nviewing server output during a crafted server request, a remote attacker could\nexploit this to modify the contents, or steal confidential data (such as\npasswords), within the same domain. This issue only affected Ubuntu 6.06 LTS and\n7.10. (CVE-2007-6203)\n\nIt was discovered that Apache was vulnerable to a cross-site request forgery\n(CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator\nwere tricked into clicking a link on a specially crafted web page, an attacker\ncould trigger commands that could modify the balancer manager configuration. \nThis issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420)\n\nIt was discovered that Apache had a memory leak when using mod_ssl with\ncompression. A remote attacker could exploit this to exhaust server memory,\nleading to a denial of service. This issue only affected Ubuntu 7.10. 
\n(CVE-2008-1678)\n\nIt was discovered that in certain conditions, Apache did not specify a default\ncharacter set when returning certain error messages containing UTF-7 encoded\ndata, which could result in browsers becoming vulnerable to cross-site scripting\nattacks when processing the output. This issue only affected Ubuntu 6.06 LTS and\n7.10. (CVE-2008-2168)\n\nIt was discovered that when configured as a proxy server, Apache did not limit\nthe number of forwarded interim responses. A malicious remote server could send\na large number of interim responses and cause a denial of service via memory\nexhaustion. (CVE-2008-2364)\n\nIt was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when\nthey are returned in directory listings, which could result in browsers becoming\nvulnerable to cross-site scripting attacks when processing the output. \n(CVE-2008-2939)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz\n Size/MD5: 123478 7a5b444231dc27ee60c1bd63f42420c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc\n Size/MD5: 1156 4f9a0f31d136914cf7d6e1a92656a47b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb\n Size/MD5: 2124948 5153435633998e4190b54eb101afd271\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 833336 d5b9ecf82467eb04a94957321c4a95a2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 228588 f4b9b82016eb22a60da83ae716fd028a\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 223600 2cf77e3daaadcc4e07da5e19ecac2867\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 228216 60ff106ddefe9b68c055825bcd6ec52f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 171724 bae5e3d30111e97d34b25594993ad488\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 172508 77bdf00092378c89ae8be7f5139963e0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 94562 f3a168c57db1f5be11cfdba0bdc20062\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 36618 a7f34da28f7bae0cffb3fdb73da70143\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 286028 a5b380d9c6a651fe043ad2358ef61143\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 144590 9a4031c258cfa264fb8baf305bc0cea6\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 786528 353ed1839a8201d0211ede114565e60d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 203256 7b0caa06fd47a28a8a92d1b69c0b4667\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 199114 6a77314579722ca085726e4220be4e9f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 202654 ffad2838e3c8c79ecd7e21f79aa78216\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 171716 
771492b2b238424e33e3e7853185c0ca\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 172498 b5f7a4ed03ebafa4c4ff75c05ebf53b7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 92520 787a673994d746b4ad3788c16516832a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 36620 4d5f0f18c3035f41cb8234af3cc1092c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 262082 d6a7111b9f2ed61e1aeb2f18f8713873\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 132518 5a335222829c066cb9a0ddcaeee8a0da\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 859446 cf555341c1a8b4a39808b8a3bd76e03a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 220622 85b902b9eecf3d40577d9e1e8bf61467\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 216314 146e689e30c6e1681048f6cf1dd659e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 220128 10f65b3961a164e070d2f18d610df67b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 171726 9e341f225cb19d5c44f343cc68c0bba5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 172512 331dff8d3de7cd694d8e115417bed4f8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 104284 7ab80f14cd9072d23389e27f934079f3\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 36620 713bfffcca8ec4e9531c635069f1cd0d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 281600 ad1671807965e2291b5568c7b4e95e14\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 141744 6b04155aa1dbf6f657dbfa27d6086617\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 803706 f14be1535acf528f89d301c8ec092015\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 211028 28b74d86e10301276cadef208b460658\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 206566 6d6b2e1e3e0bbf8fc0a0bcca60a33339\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 210280 45690384f2e7e0a2168d7867283f9145\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 171732 6595a330344087593a9443b9cdf5e4ba\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 172498 f1ac3a442b21db9d2733e8221b218e25\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 93606 f229d1c258363d2d0dfb3688ec96638e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 36616 6f470e2e17dfc6d587fbe2bf861bfb06\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 268178 5a853d01127853405a677c53dc2bf254\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 130456 
a0a51bb9405224948b88903779347427\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz\n Size/MD5: 125080 c5c1b91f6918d42a75d23e95799b3707\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc\n Size/MD5: 1333 b028e602b998a666681d1aa73b980c06\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz\n Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb\n Size/MD5: 2211750 9dc3a7e0431fe603bbd82bf647d2d1f5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb\n Size/MD5: 278670 985dd1538d0d2c6bb74c458eaada1cb7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb\n Size/MD5: 6702036 3cdb5e1a9d22d7172adfd066dd42d71a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb\n Size/MD5: 42846 ba7b0cbf7f33ac3b6321c132bc2fec71\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 457286 b37825dc4bb0215284181aa5dfc9dd44\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 453094 380ea917048a64c2c9bc12d768ac2ffa\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 456804 b075ef4e563a55c7977af4d82d90e493\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 410658 6dff5030f33af340b2100e8591598d9d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 411244 9c79a2c0a2d4d8a88fae1b3f10d0e27c\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 348256 ef1e159b64fe2524dc94b6ab9e22cefb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 992256 0e9bac368bc57637079f839bcce8ebbc\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 440388 bdb2ced3ca782cda345fcfb109e8b02a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 436030 44d372ff590a6e42a83bcd1fb5e546fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 439732 5119be595fb6ac6f9dd94d01353da257\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 410656 01be0eca15fe252bbcab7562462af5ca\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 411250 10d8929e9d37050488f2906fde13b2fd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 347322 d229c56720ae5f1f83645f66e1bfbdf1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 947460 3dc120127b16134b42e0124a1fdfa4ab\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 439896 8e856643ebeed84ffbeb6150f6e917c5\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 435524 ce18d9e09185526c93c6af6db7a6b5cf\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 439180 9622bf2dfee7941533faedd2e2d4ebbd\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb\n 
Size/MD5: 410674 684ad4367bc9250468351b5807dee424\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 411258 17f53e8d3898607ce155dc333237690c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 347664 1197aa4145372ae6db497fb157cb0da1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 939924 470a7163e2834781b2db0689750ce0f2\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 458848 4efbbcc96f05a03301a13448f9cb3c01\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 454226 1fe4c7712fd4597ed37730a27df95113\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 458134 5786d901931cecd340cc1879e27bcef7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 410676 9fc94d5b21a8b0f7f8aab9dc60339abf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 411266 c44cde12a002910f9df02c10cdd26b0c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 367392 612ddcebee145f765163a0b30124393a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 1094288 72fd7d87f4876648d1e14a5022c61b00\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 441650 28e5a2c2d18239c0810b6de3584af221\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 437796 3ee7408c58fbdf8de6bf681970c1c9ad\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 441114 b1b1bb871fe0385ea4418d533f0669aa\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 410676 cf7bed097f63e3c24337813621866498\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 411252 5a30177f7039f52783576e126cf042d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 350468 ce216a4e9739966cd2aca4262ba0ea4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 959090 98ad8ee7328f25e1e81e110bbfce10c2\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz\n Size/MD5: 132376 1a3c4e93f08a23c3a3323cb02f5963b6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc\n Size/MD5: 1379 ed1a1e5de71b0e35100f60b21f959db4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz\n Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb\n Size/MD5: 1928164 86b52d997fe3e4baf9712be0562eed2d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb\n Size/MD5: 72176 1f4efe37abf317c3c42c4c0a79a4f232\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb\n Size/MD5: 6254152 fe271b0e4aa0cf80e99b866c23707b6a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb\n Size/MD5: 45090 3f44651df13cfd495d7c33dda1c709ea\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 252272 3d27b0311303e7c5912538fb7d4fc37c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 247850 1ce7ff6190c21da119d98b7568f2e5d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 251658 ac7bc78b449cf8d28d4c10478c6f1409\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 204658 66e95c370f2662082f3ec41e4a033877\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 205336 6b1e7e0ab97b7dd4470c153275f1109c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 140940 cad14e08ab48ca8eb06480c0db686779\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 801764 3759103e3417d44bea8866399ba34a66\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 235194 dddbc62f458d9f1935087a072e1c6f67\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 230748 db0a1dc277de5886655ad7b1cc5b0f1a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 234542 0e4997e9ed55d6086c439948cf1347ff\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 204672 1f58383838b3b9f066e855af9f4e47e0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 205348 fa032fc136c5b26ccf364289a93a1cda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 
139904 b503316d420ccb7efae5082368b95e01\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 754788 140fddccc1a6d3dc743d37ab422438c2\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 234752 bc06d67259257109fe8fc17204bc9950\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 230424 9421376c8f6d64e5c87af4f484b8aacf\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 233908 179236460d7b7b71dff5e1d1ac9f0509\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 204664 764d773d28d032767d697eec6c6fd50a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 205342 2891770939b51b1ca6b8ac8ca9142db1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 140478 4a062088427f1d8b731e06d64eb7e2ea\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 748672 b66dbda7126616894cf97eb93a959af9\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 253368 bad43203ed4615216bf28f6da7feb81b\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 248800 aa757fd46cd79543a020dcd3c6aa1b26\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 252904 682a940b7f3d14333037c80f7f01c793\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 204678 30af6c826869b647bc60ed2d99cc30f7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 205376 
cd02ca263703a6049a6fe7e11f72c98a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 157662 df6cdceecb8ae9d25bbd614142da0151\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 904904 34581d1b3c448a5de72a06393557dd48\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 236418 2eda543f97646f966f5678e2f2a0ba90\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 232386 69e2419f27867b77d94a652a83478ad7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 235788 414a49286d9e8dd7b343bd9207dc727b\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 204668 f7d099cd9d3ebc0baccbdd896c94a88f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 205352 0a5cb5dfd823b4e6708a9bcc633a90cd\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 143108 ad78ead4ac992aec97983704b1a3877f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 763946 0d40a8ebecfef8c1a099f2170fcddb73\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01905287\nVersion: 1\n\nHPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. 
\n\nRelease Date: 2009-10-21\nLast Updated: 2009-10-21\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. \n\nReferences: CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. \nHP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.05\nHP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.12\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-3658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\nCVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2008-5557 
(AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location:\n\nURL http://software.hp.com\n\nNote: HP-UX Web Server Suite v3.06 contains HP-UX Apache-based Web Server v2.2.8.05\nNote: HP-UX Web Server Suite v2.27 contains HP-UX Apache-based Web Server v2.0.59.12\n\nWeb Server Suite Version\n HP-UX Release\n Depot name\n\nWeb Server v3.06\n B.11.23 and B.11.31 PA-32\n HPUX22SATW-1123-32.depot\n\nWeb Server v3.06\n B.11.23 and B.11.31 IA-64\n HPUX22SATW-1123-64.depot\n\nWeb Server v2.27\n B.11.11 PA-32\n HPUXSATW-1111-64-32.depot\n\nWeb Server v2.27\n B.11.23 PA-32 and IA-64\n HPUXWSATW-1123-64-bit.depot\n\nWeb Server v2.27\n B.11.31 IA-32 and IA-64\n HPUXSATW-1131-64.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall Apache-based Web Server from the Apache Web Server Suite v2.27 or subsequent\nor\nInstall Apache-based Web Server from the Apache Web Server Suite v3.06 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. 
\n\nAFFECTED VERSIONS\n\nFor Web Server Suite before v3.06\nHP-UX B.11.23\n==================\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\naction: install revision B.2.2.8.05 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\naction: install revision B.2.2.8.05 or subsequent\n\nFor Web Server Suite before v2.27\nHP-UX B.11.11\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.12 or subsequent\n\nHP-UX B.11.23\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.12 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.12 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 21 October 2009 Initial release\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in 
accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. 
HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEUEARECAAYFAkrguYgACgkQ4B86/C0qfVliOACWIZufVcaJyE/ap8OAmQqT87S7\nhQCeKCPftsEV+4JPzQKz4B+EnYzQsJ0=\n=TAoy\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2007-6203" }, { "db": "JVNDB", "id": "JVNDB-2007-001017" }, { "db": "BID", "id": "26663" }, { "db": "VULMON", "id": "CVE-2007-6203" }, { "db": "PACKETSTORM", "id": "96536" }, { "db": "PACKETSTORM", "id": "64520" }, { "db": "PACKETSTORM", "id": "75604" }, { "db": "PACKETSTORM", "id": "82164" } ], "trust": 2.34 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=30835", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-6203" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-6203", "trust": 3.2 }, { "db": "BID", "id": "26663", "trust": 2.8 }, { "db": "SECUNIA", "id": "27906", "trust": 2.5 }, { "db": "SECTRACK", "id": "1019030", "trust": 2.5 }, { "db": "SECUNIA", "id": "29348", "trust": 1.7 }, { "db": "SECUNIA", "id": "33105", "trust": 1.7 }, { "db": "SECUNIA", "id": "30356", "trust": 1.7 }, { "db": "SECUNIA", "id": "29640", "trust": 1.7 }, { "db": "SECUNIA", "id": "28196", "trust": 1.7 }, { "db": "SECUNIA", "id": "30732", "trust": 1.7 }, { "db": "SECUNIA", "id": "29420", "trust": 1.7 }, { "db": "SECUNIA", "id": "34219", "trust": 1.7 }, { "db": "SREASON", "id": "3411", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-4301", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1875", "trust": 1.7 
}, { "db": "VUPEN", "id": "ADV-2008-0924", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1623", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-4060", "trust": 1.7 }, { "db": "XF", "id": "38800", "trust": 1.4 }, { "db": "USCERT", "id": "TA08-079A", "trust": 0.8 }, { "db": "USCERT", "id": "SA08-079A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-001017", "trust": 0.8 }, { "db": "GENTOO", "id": "GLSA-200803-19", "trust": 0.6 }, { "db": "HP", "id": "SSRT090192", "trust": 0.6 }, { "db": "SUSE", "id": "SUSE-SA:2008:021", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20071130 PR07-37: XSS ON APACHE HTTP SERVER 413 ERROR PAGES VIA MALFORMED HTTP METHOD", "trust": 0.6 }, { "db": "AIXAPAR", "id": "PK65782", "trust": 0.6 }, { "db": "AIXAPAR", "id": "PK57952", "trust": 0.6 }, { "db": "UBUNTU", "id": "USN-731-1", "trust": 0.6 }, { "db": "XF", "id": "413", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2008-03-18", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200712-012", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "30835", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2007-6203", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "96536", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "64520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "75604", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82164", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-6203" }, { "db": "BID", "id": "26663" }, { "db": "JVNDB", "id": "JVNDB-2007-001017" }, { "db": "PACKETSTORM", "id": "96536" }, { "db": "PACKETSTORM", "id": "64520" }, { "db": "PACKETSTORM", "id": "75604" }, { "db": "PACKETSTORM", "id": "82164" }, { "db": "CNNVD", "id": "CNNVD-200712-012" }, { "db": "NVD", "id": "CVE-2007-6203" } ] }, "id": "VAR-200711-0538", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 
0.16519225 }, "last_update_date": "2024-11-29T21:17:52.799000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "httpd-2.3", "trust": 0.8, "url": "http://httpd.apache.org/dev/devnotes.html" }, { "title": "600645", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=600645" }, { "title": "Security Update 2008-002", "trust": 0.8, "url": "http://docs.info.apple.com/article.html?artnum=307562-en" }, { "title": "Security Update 2008-002", "trust": 0.8, "url": "http://docs.info.apple.com/article.html?artnum=307562-ja" }, { "title": "Changes with Apache 2.0.62", "trust": 0.8, "url": "http://www.apache.org/dist/httpd/CHANGES_2.0.63" }, { "title": "Changes with Apache 2.2.7", "trust": 0.8, "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.8" }, { "title": "HS08-004", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-004/index.html" }, { "title": "HPSBUX02612", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02579879" }, { "title": "HPSBUX02465", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01905287" }, { "title": "7008517", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61015" }, { "title": " PK65782", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK65782" }, { "title": "PK57952", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952" }, { "title": "4019245", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "title": "1266", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1266" }, { "title": "TLSA-2008-24", "trust": 0.8, "url": 
"http://www.turbolinux.co.jp/security/2008/TLSA-2008-24j.txt" }, { "title": "HS08-004", "trust": 0.8, "url": "http://www.hitachi-support.com/security/vuls/HS08-004/index.html" }, { "title": "interstage_as_200807", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200807.html" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-731-1" }, { "title": "Debian CVElist Bug Report Logs: apache2: CVE-2007-4465", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8a7503dd359ab44b424a9918eb8a6f66" }, { "title": "", "trust": 0.1, "url": "https://github.com/SecureAxom/strike " } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-6203" }, { "db": "JVNDB", "id": "JVNDB-2007-001017" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001017" }, { "db": "NVD", "id": "CVE-2007-6203" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/26663" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1019030" }, { "trust": 2.3, "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk57952" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" }, { "trust": 2.0, "url": 
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml" }, { "trust": 1.7, "url": "http://procheckup.com/vulnerability_pr07-37.php" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27906" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28196" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29348" }, { "trust": 1.7, "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29420" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/3411" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/29640" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30356" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30732" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33105" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-731-1" }, { "trust": 1.7, "url": "http://secunia.com/advisories/34219" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/4060" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/38800" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/4301" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/4060" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2008/1623/references" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2008/1875/references" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800" }, { 
"trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12166" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6203" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta08-079a/index.html" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6203" }, { "trust": 0.8, "url": "http://secunia.com/advisories/27906/" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/484410/100/0/threaded" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/1875/references" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2007/4301" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/1623/references" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/0924/references" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6203" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=44014" }, { "trust": 0.3, "url": "http://www.apache.org/dist/httpd/changes_2.2.8" }, { "trust": 0.3, "url": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.readme.html#mh01110" }, { "trust": 0.3, "url": "/archive/1/484410" }, { "trust": 0.2, "url": "http://software.hp.com" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918" }, { "trust": 0.2, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { 
"trust": 0.2, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2168" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/30835/" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/731-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1890" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1955" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6422" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0456" }, { "trust": 0.1, "url": "http://enigmail.mozdev.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0455" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0455" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb" }, { "trust": 0.1, "url": 
"http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb" }, 
{ "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2371" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3660" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0599" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2829" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2665" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3659" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2666" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465" } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-6203" }, { "db": "BID", "id": "26663" }, { "db": "JVNDB", "id": "JVNDB-2007-001017" }, { "db": "PACKETSTORM", "id": "96536" }, { "db": "PACKETSTORM", "id": 
"64520" }, { "db": "PACKETSTORM", "id": "75604" }, { "db": "PACKETSTORM", "id": "82164" }, { "db": "CNNVD", "id": "CNNVD-200712-012" }, { "db": "NVD", "id": "CVE-2007-6203" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2007-6203" }, { "db": "BID", "id": "26663" }, { "db": "JVNDB", "id": "JVNDB-2007-001017" }, { "db": "PACKETSTORM", "id": "96536" }, { "db": "PACKETSTORM", "id": "64520" }, { "db": "PACKETSTORM", "id": "75604" }, { "db": "PACKETSTORM", "id": "82164" }, { "db": "CNNVD", "id": "CNNVD-200712-012" }, { "db": "NVD", "id": "CVE-2007-6203" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-12-03T00:00:00", "db": "VULMON", "id": "CVE-2007-6203" }, { "date": "2007-11-30T00:00:00", "db": "BID", "id": "26663" }, { "date": "2007-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001017" }, { "date": "2010-12-09T12:11:11", "db": "PACKETSTORM", "id": "96536" }, { "date": "2008-03-13T04:49:36", "db": "PACKETSTORM", "id": "64520" }, { "date": "2009-03-10T21:13:00", "db": "PACKETSTORM", "id": "75604" }, { "date": "2009-10-23T18:14:28", "db": "PACKETSTORM", "id": "82164" }, { "date": "2007-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200712-012" }, { "date": "2007-12-03T22:46:00", "db": "NVD", "id": "CVE-2007-6203" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-15T00:00:00", "db": "VULMON", "id": "CVE-2007-6203" }, { "date": "2014-02-11T00:26:00", "db": "BID", "id": "26663" }, { "date": "2010-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001017" }, { "date": "2009-03-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200712-012" }, { "date": "2024-11-21T00:39:36.007000", "db": "NVD", "id": "CVE-2007-6203" } ] }, 
"threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200712-012" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of 413 In the error message HTTP Problems not checking the method properly", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001017" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "82164" }, { "db": "CNNVD", "id": "CNNVD-200712-012" } ], "trust": 0.7 } }
var-200912-0451
Vulnerability from variot
Fujitsu Interstage and Systemwalker related products have the vulnerabilities listed below:
- A buffer overflow vulnerability that can occur when the SSL server verifies the client's certificate.
- A vulnerability that makes it possible to establish an SSL connection using a server or client certificate issued under the old CA certificate after the CA certificate is renewed, regardless of the settings of the certificate environment variables.
- A vulnerability where the depletion of resources, such as file descriptors, can occur on the SSL server.
A remote attacker can cause a denial of service (DoS) condition or make an SSL connection using a fake certificate.
----------------------------------------------------------------------
TITLE: Fujitsu Products SSL Implementation Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA37989
VERIFY ADVISORY: http://secunia.com/advisories/37989/
DESCRIPTION: Some vulnerabilities have been reported in multiple Fujitsu products, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
(Items 1 and 2 of the advisory's numbered list are missing from this copy.)
3) An error in the implementation of the SSL server can be exploited to exhaust resources, e.g. available file descriptors.
Please see the vendor's advisory for a full list of affected products.
SOLUTION: Apply patches. Please see the vendor's advisory for details.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Fujitsu: http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_systemwalker_ssl_200901.html
OTHER REFERENCES: JVN: http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002358.html
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200912-0451", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "infodirectory", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "infoprovider pro", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "infoproxy", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": 
"infoproxy for middleware", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apcoordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage form coordinator syomei option", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage security director", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage traffic director", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "linkexpress", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "safeauthor", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "safegate", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "safegate client", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "safegate syutyu kanri", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "symfoware universal data interchanger", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker centric manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker centricmgr-a", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop inspection", "scope": null, 
"trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop patrol", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker formcoordinator syomei option", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it budget manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it budgetmgr", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software delivery", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker/infodirectory", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "trademaster", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "trmaster", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002358" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:fujitsu:infodirectory", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:infoprovider_pro", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:infoproxy", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:infoproxy_for_middleware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apcoordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:fujitsu:interstage_business_application_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_syomei_option", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_security_director", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_traffic_director", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:linkexpress", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:safeauthor", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:safegate", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:safegate_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:safegate_syutyu_kanri", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware_universal_data_interchanger", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_centric_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_centricmgr-a", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_patrol", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_formcoordinator_syomei_option", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_budget_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_budgetmgr", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_delivery", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_infodirectory", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:trademaster", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:trmaster", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002358" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": 
"84267" } ], "trust": 0.1 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2009-002358", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "IPA", "id": "JVNDB-2009-002358", "trust": 0.8, "value": "Medium" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002358" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fujitsu Interstage and Systemwalker related products have the vulnerabilities listed below: - A buffer overflow vulnerability that can occur when the SSL server verifies the client\u0027s certificate. 
- A vulnerability that makes it possible to make an SSL connection using a server or client certificate issued by the old CA certificate after the CA certificate is renewed, regardless of the settings of the certificate environment variables. - A vulnerability where the depletion of resources, such as file descriptors, can occur on the SSL server.A remote attacker can cause a denial of service (DoS) condition or make an SSL connection using a fake certificate. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nFujitsu Products SSL Implementation Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA37989\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/37989/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in multiple Fujitsu products,\nwhich can be exploited by malicious people to bypass certain security\nrestrictions or cause a DoS (Denial of Service). \n\n3) An error in the implementation of the SSL server can be exploited\nto exhaust e.g. available file descriptors. \n\nPlease see the vendor\u0027s advisory for a full list of affected\nproducts. \n\nSOLUTION:\nApply patches. Please see the vendor\u0027s advisory for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. 
\n\nORIGINAL ADVISORY:\nFujitsu:\nhttp://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_systemwalker_ssl_200901.html\n\nOTHER REFERENCES:\nJVN:\nhttp://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002358.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002358" }, { "db": "PACKETSTORM", "id": "84267" } ], "trust": 0.81 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2009-002358", "trust": 0.9 }, { "db": "SECUNIA", "id": "37989", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "84267", "trust": 0.1 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002358" }, { "db": "PACKETSTORM", "id": "84267" } ] }, "id": "VAR-200912-0451", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" 
} } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2022-05-17T22:49:29.265000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "interstage_systemwalker_ssl_200901", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_systemwalker_ssl_200901.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002358" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 0.8 }, { "problemtype": "CWE-399", "trust": 0.8 }, { "problemtype": "CWE-287", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002358" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.1, "url": "http://secunia.com/advisories/37989/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://jvndb.jvn.jp/en/contents/2009/jvndb-2009-002358.html" }, { "trust": 0.1, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_systemwalker_ssl_200901.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "PACKETSTORM", "id": "84267" } ] }, "sources": { "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2009-002358" }, { "db": "PACKETSTORM", "id": "84267" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-002358" }, { "date": "2009-12-29T10:25:23", "db": "PACKETSTORM", "id": "84267" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-002358" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fujitsu Interstage and Systemwalker SSL Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002358" } ], "trust": 0.8 } }
var-200706-0660
Vulnerability from variot
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request whose Cache-Control header contains the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale directive without a value. The Apache mod_cache module is prone to a denial-of-service vulnerability. A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM). This could lead to a denial of service when a threaded MPM is in use (CVE-2007-1863). Separately, a local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated (CVE-2007-3304).
Updated packages have been patched to prevent the above issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
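Updated Packages (each entry below is a 32-hex-digit checksum, the length of an MD5 digest, followed by the package path; a matching checksum only confirms that the file matches this listing, so also check the package's signature before installing):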
Mandriva Linux 2007.0: 5f906bba3e1195f5ffbc3fcb2a6bde38 2007.0/i586/apache-base-2.2.3-1.1mdv2007.0.i586.rpm 83a4844cd98ef203958796ce280a71b2 2007.0/i586/apache-devel-2.2.3-1.1mdv2007.0.i586.rpm 2a6853cad61ca0548715486c5d4c8a23 2007.0/i586/apache-htcacheclean-2.2.3-1.1mdv2007.0.i586.rpm bebbc850c030be2ef87ce12d420fb825 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.i586.rpm 9e08e4738b304aab4f90f4f18aa5da45 2007.0/i586/apache-mod_cache-2.2.3-1.1mdv2007.0.i586.rpm 989d0538f7882277053f6d4c89ca581c 2007.0/i586/apache-mod_dav-2.2.3-1.1mdv2007.0.i586.rpm c1c0fc53dd811dd6176800226574efbf 2007.0/i586/apache-mod_dbd-2.2.3-1.1mdv2007.0.i586.rpm e68509c01d66b9d42e676e7974360154 2007.0/i586/apache-mod_deflate-2.2.3-1.1mdv2007.0.i586.rpm 5596cb5359b7919125fc10be83598445 2007.0/i586/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.i586.rpm d71b54240667224fd7da7fec4693c30b 2007.0/i586/apache-mod_file_cache-2.2.3-1.1mdv2007.0.i586.rpm 3571cab041e622f9399c57f377ac3fe3 2007.0/i586/apache-mod_ldap-2.2.3-1.1mdv2007.0.i586.rpm 598fdd7aad80fdc557142c5e9fc00677 2007.0/i586/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.i586.rpm f4ec774478f5d198ad2e3d3384a5ad83 2007.0/i586/apache-mod_proxy-2.2.3-1.1mdv2007.0.i586.rpm ab7726290be59f03a5ade2029a2b02f8 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.i586.rpm d72ab4173d51da4a0c1df63dbb52ccf5 2007.0/i586/apache-mod_ssl-2.2.3-1.1mdv2007.0.i586.rpm fcde0ec8b64d83402b53f926ec7fa835 2007.0/i586/apache-mod_userdir-2.2.3-1.1mdv2007.0.i586.rpm 58a0628d42d23c9aa5df6567789fad40 2007.0/i586/apache-modules-2.2.3-1.1mdv2007.0.i586.rpm 011487e1afdfb400419303182e5320c7 2007.0/i586/apache-mpm-prefork-2.2.3-1.1mdv2007.0.i586.rpm 7a755b22020153b44f8d00ba153d3d97 2007.0/i586/apache-mpm-worker-2.2.3-1.1mdv2007.0.i586.rpm ef6e11f0d26db492bc9fe83a2dbf53d7 2007.0/i586/apache-source-2.2.3-1.1mdv2007.0.i586.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 7c5408879073413fb27f2d40854813d0 2007.0/x86_64/apache-base-2.2.3-1.1mdv2007.0.x86_64.rpm c720f2a661616b0bf35bc353d14b9b3b 2007.0/x86_64/apache-devel-2.2.3-1.1mdv2007.0.x86_64.rpm 12164d6d70972cb9ed2fb6581e212bf1 2007.0/x86_64/apache-htcacheclean-2.2.3-1.1mdv2007.0.x86_64.rpm 5278f8d03ce9d59ec4929d4362b04bbe 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm 40c83185db12d04f4953a374b329ebb3 2007.0/x86_64/apache-mod_cache-2.2.3-1.1mdv2007.0.x86_64.rpm fe37fb1d4378c4bbcfd8d63bd57c3d4d 2007.0/x86_64/apache-mod_dav-2.2.3-1.1mdv2007.0.x86_64.rpm 0830bc5d1718a533e3358a45975596ce 2007.0/x86_64/apache-mod_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm e18c3a6a322258e73b87170766aa7882 2007.0/x86_64/apache-mod_deflate-2.2.3-1.1mdv2007.0.x86_64.rpm fc8c27067e6b04bd549fe0b95579ebaa 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.x86_64.rpm b31385db2199fd33eeb624c80e9d882a 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 08123786649152eab65e123c75db8e66 2007.0/x86_64/apache-mod_ldap-2.2.3-1.1mdv2007.0.x86_64.rpm 7de4b739d93683648209dcdc69dd5473 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 85fde2923d945f3849d77f806b8bc55d 2007.0/x86_64/apache-mod_proxy-2.2.3-1.1mdv2007.0.x86_64.rpm b68991944f2989b6d3f89f7272239d76 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.x86_64.rpm 19871683773211daa721957dc5dd565d 2007.0/x86_64/apache-mod_ssl-2.2.3-1.1mdv2007.0.x86_64.rpm 5cf2a97219d6789e4572da1ecddedf16 2007.0/x86_64/apache-mod_userdir-2.2.3-1.1mdv2007.0.x86_64.rpm feede872aaf0ca4bbd86ffe24455e9cd 2007.0/x86_64/apache-modules-2.2.3-1.1mdv2007.0.x86_64.rpm a00a35d4eba8f538cea741b2fc4079f4 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.1mdv2007.0.x86_64.rpm da86251e4417f068d2cafed30e380779 2007.0/x86_64/apache-mpm-worker-2.2.3-1.1mdv2007.0.x86_64.rpm ceb7fd32d3ad933ab6a914085f858911 2007.0/x86_64/apache-source-2.2.3-1.1mdv2007.0.x86_64.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.1: 9daef91724ded29a3c76e74c261f7766 2007.1/i586/apache-base-2.2.4-6.2mdv2007.1.i586.rpm 9288ee938a0853d6e0072f839c68c1c2 2007.1/i586/apache-devel-2.2.4-6.2mdv2007.1.i586.rpm 613a986f9f654f1ce3432ee6f6db2391 2007.1/i586/apache-htcacheclean-2.2.4-6.2mdv2007.1.i586.rpm 8e0eb376d851d1ddba8850d4233fc3d3 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.i586.rpm 24de68668efa15e4abaaffd690837256 2007.1/i586/apache-mod_cache-2.2.4-6.2mdv2007.1.i586.rpm 288866908d43959c4b31c368346ba65d 2007.1/i586/apache-mod_dav-2.2.4-6.2mdv2007.1.i586.rpm d25838ec739d7a0037148f573262f81c 2007.1/i586/apache-mod_dbd-2.2.4-6.2mdv2007.1.i586.rpm ebad14bcccb73c8f8a27e98a6982a6f1 2007.1/i586/apache-mod_deflate-2.2.4-6.2mdv2007.1.i586.rpm 810d445f2146848b582e798e368b32ab 2007.1/i586/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.i586.rpm 307de93279683b5b3e76ee6d971781cc 2007.1/i586/apache-mod_file_cache-2.2.4-6.2mdv2007.1.i586.rpm f59890e1bc38cfa598a4100705cf4cc6 2007.1/i586/apache-mod_ldap-2.2.4-6.2mdv2007.1.i586.rpm 098a05d1cbaa6bfa2d2707896dd6366c 2007.1/i586/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.i586.rpm 6504f5e57440ff07da16de3d928898f6 2007.1/i586/apache-mod_proxy-2.2.4-6.2mdv2007.1.i586.rpm adc3a611a780e23178e93a6cedf135d4 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.i586.rpm 659508a67fbe28b5dd9f861384ca1cf1 2007.1/i586/apache-mod_ssl-2.2.4-6.2mdv2007.1.i586.rpm 604eb70716d7e7b6bc6e8399cc4d9f5c 2007.1/i586/apache-mod_userdir-2.2.4-6.2mdv2007.1.i586.rpm 750d7cb431356abc88fe7a031f872b04 2007.1/i586/apache-modules-2.2.4-6.2mdv2007.1.i586.rpm 210be718db221db891452f05a001ee4e 2007.1/i586/apache-mpm-event-2.2.4-6.2mdv2007.1.i586.rpm 482e3d3af6756108c3e9a26ec2a8ac56 2007.1/i586/apache-mpm-itk-2.2.4-6.2mdv2007.1.i586.rpm b76ff4578c127ebd248b21a85a31140a 2007.1/i586/apache-mpm-prefork-2.2.4-6.2mdv2007.1.i586.rpm 2484dee8a4d4e7604a69abcd1b443954 2007.1/i586/apache-mpm-worker-2.2.4-6.2mdv2007.1.i586.rpm 9823f9b97e1829df97999494c3a3d453 
2007.1/i586/apache-source-2.2.4-6.2mdv2007.1.i586.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 4d043339268bff11fa07897ee3dc2988 2007.1/x86_64/apache-base-2.2.4-6.2mdv2007.1.x86_64.rpm afbae73f408fa95c9e4d25e3aa39583d 2007.1/x86_64/apache-devel-2.2.4-6.2mdv2007.1.x86_64.rpm d92c22ff28fcd919b3a8525f753066c3 2007.1/x86_64/apache-htcacheclean-2.2.4-6.2mdv2007.1.x86_64.rpm abe81d2effd6f4975accbdc8d25d089e 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 480d5c31af3289f26953a691f92e2a51 2007.1/x86_64/apache-mod_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 3feae93ade4038e67fcbaa691f2a74aa 2007.1/x86_64/apache-mod_dav-2.2.4-6.2mdv2007.1.x86_64.rpm b60eead7fe808fbc5eff6cb34f1de80b 2007.1/x86_64/apache-mod_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 023afee3221da629fd8e1d34006b7463 2007.1/x86_64/apache-mod_deflate-2.2.4-6.2mdv2007.1.x86_64.rpm 1180446c8cf65c196352006d6da00e17 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 0e8c2dfc0e42c23b0afbada9f8868bb6 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 32aa45f45b8893d6c23c6892b7ad7e62 2007.1/x86_64/apache-mod_ldap-2.2.4-6.2mdv2007.1.x86_64.rpm 15c20ffb5fdc8ab2a6fa92157c9f0536 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.x86_64.rpm f91fd6552f480eb36d030bb2e91d30b4 2007.1/x86_64/apache-mod_proxy-2.2.4-6.2mdv2007.1.x86_64.rpm 2c9d1e35af7adebaeb6284bf5da4dd5f 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.x86_64.rpm caa59aaba47c89d20e799a3f02271afd 2007.1/x86_64/apache-mod_ssl-2.2.4-6.2mdv2007.1.x86_64.rpm 8ac44f8c409ea29492a3acdc1eb44c7f 2007.1/x86_64/apache-mod_userdir-2.2.4-6.2mdv2007.1.x86_64.rpm 0f2198ec988390ff3b7843a1e7090517 2007.1/x86_64/apache-modules-2.2.4-6.2mdv2007.1.x86_64.rpm 2548664fde736f25acf59f46c847d1ff 2007.1/x86_64/apache-mpm-event-2.2.4-6.2mdv2007.1.x86_64.rpm 2434c402bae11969ddf5281f2f042d24 2007.1/x86_64/apache-mpm-itk-2.2.4-6.2mdv2007.1.x86_64.rpm 8a06ecd19726db033496a042c6a6be2f 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.2mdv2007.1.x86_64.rpm e8d339c397409391f3fb36f704c38c6c 
2007.1/x86_64/apache-mpm-worker-2.2.4-6.2mdv2007.1.x86_64.rpm 8a6f923428242f7aa1b4d489739e241b 2007.1/x86_64/apache-source-2.2.4-6.2mdv2007.1.x86_64.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm
Corporate 4.0: 74beb8d1579ce5d5f12c8b15981b6e63 corporate/4.0/i586/apache-base-2.2.3-1.1.20060mlcs4.i586.rpm 326a8259b0d99bc2938bfa6cd85743e7 corporate/4.0/i586/apache-devel-2.2.3-1.1.20060mlcs4.i586.rpm ca305d0928255a65814af781b345a056 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.1.20060mlcs4.i586.rpm 48c2b6a5ee11c3f011b1f6dc60a86479 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.i586.rpm b81a3077cb88a34af43a61ad6f2559ea corporate/4.0/i586/apache-mod_cache-2.2.3-1.1.20060mlcs4.i586.rpm ba5aee0b2a86182560e54f0cf4d360bd corporate/4.0/i586/apache-mod_dav-2.2.3-1.1.20060mlcs4.i586.rpm b696352106c5a0d1697385523455c767 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.1.20060mlcs4.i586.rpm e79f271f000dd7f3a009cca70fd7e4a2 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.1.20060mlcs4.i586.rpm c7bdb987f61099b64e751639ca02dd8a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.i586.rpm b0303fcc2f43bdcf25419dde56df2297 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.i586.rpm f818ff0f890abe230c92069f9d256e5c corporate/4.0/i586/apache-mod_ldap-2.2.3-1.1.20060mlcs4.i586.rpm 4247be23e42c368b3880c7ab5ac13c89 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.i586.rpm e50f1749935c96d3364bdce9af5d22bf corporate/4.0/i586/apache-mod_proxy-2.2.3-1.1.20060mlcs4.i586.rpm a619b4e0130d1db7f77a790fee0917a6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.i586.rpm 8170e0e77256f08d07b02119400a19f9 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.1.20060mlcs4.i586.rpm 4a5d94d4f94295efe48266a1d529486e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.1.20060mlcs4.i586.rpm 7c0c27197d6b44115366eac339c424f2 corporate/4.0/i586/apache-modules-2.2.3-1.1.20060mlcs4.i586.rpm 56351aafc723fdea2f2fac22d5046944 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.i586.rpm ccbb2f27b762b5dd564dc7a00aac6db0 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.1.20060mlcs4.i586.rpm a65137ff29ed6a1da1f894d19997faec 
corporate/4.0/i586/apache-source-2.2.3-1.1.20060mlcs4.i586.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 7a9b4f5b3fcf2cac67e4c38022ee2441 corporate/4.0/x86_64/apache-base-2.2.3-1.1.20060mlcs4.x86_64.rpm 5604ba341d957fbe6182bd2eb29a8e9d corporate/4.0/x86_64/apache-devel-2.2.3-1.1.20060mlcs4.x86_64.rpm 8983bda4bbe3b58f9c6c317531eb52b7 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.1.20060mlcs4.x86_64.rpm 9baf252cbc8ef8a093ed25e7a0daf25d corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm 26cc58bcbfd25a83c15051c8f590a36d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 941a32aea1b1b3bca1ae343d5d925892 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.1.20060mlcs4.x86_64.rpm 1d79a7b921ce150de88e22ffbaba4b31 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm d80b9ffca3dd024e73d069e55ba7fa3e corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.1.20060mlcs4.x86_64.rpm 7a7a11645680a7bee9cf88b166b0d32f corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm fcc85c0f9faf1fa08a01f3d4ecb68033 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 55789d16ff565bcd31dfa522435d4d4b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.1.20060mlcs4.x86_64.rpm 7ee708824d65878b71ede35e139ac94d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm e8579835f848cade641da14354196497 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.1.20060mlcs4.x86_64.rpm 6a1e70a638aecf603f3bc2485d14bd78 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.x86_64.rpm 212f40574d0821b909972ebc36fb697a corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.1.20060mlcs4.x86_64.rpm 32a8dd886e42c8093be05c9ee4d31855 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.1.20060mlcs4.x86_64.rpm 265bccd86baa7fca942f1c6d4d694523 corporate/4.0/x86_64/apache-modules-2.2.3-1.1.20060mlcs4.x86_64.rpm babdb585a6c754f23d91c41fc844a5e2 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.x86_64.rpm 63274f5c5dc3897d0062f621b1c63e0e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.1.20060mlcs4.x86_64.rpm 
18782a1fcbcb760d36162ce830ac4cdd corporate/4.0/x86_64/apache-source-2.2.3-1.1.20060mlcs4.x86_64.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS Re00IyLecNs4MIGgsrv2qJE= =5EEm -----END PGP SIGNATURE-----
.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.2.6 *>= 2.0.59-r5 >= 2.2.6
Description
Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).
Impact
A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"
References
[ 1 ] CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 [ 2 ] CVE-2007-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862 [ 3 ] CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 [ 4 ] CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [ 5 ] CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 [ 6 ] CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Summary
Updated VMware Hosted products address security issues in libpng and the Apache HTTP Server.
- Relevant releases
VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier
- Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any 6.5.3 build 185404 or later
Player 2.5.x any 2.5.3 build 185404 or later
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b. Apache HTTP Server updated to 2.0.63
The new version of ACE updates the Apache HTTP Server on Windows
hosts to version 2.0.63 which addresses multiple security issues
that existed in the previous versions of this server.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any not affected
Player 2.5.x any not affected
ACE 2.5.x Windows 2.5.3 build 185404 or later
ACE 2.5.x Linux update Apache on host system *
Server 2.x any not affected
Server 1.x any not affected
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host. Update the Apache HTTP Server on the host system to version
2.0.63 in order to remediate the vulnerabilities listed above.
- Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e
Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5
Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb
Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542
VMware Player 2.5.3
http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html
Player for Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e
Player for Linux (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b
Player for Linux - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974
Player for Linux - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4
VMware ACE 2.5.3
http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1
VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
- Change log
2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01178795 Version: 1
HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-02 Last Updated: 2007-10-02
Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.
References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache
BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision A.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/
For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01
action: install revision B.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. The update is available on https://www.hp.com/go/softwaredepot/ Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00.
MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-499-1 August 16, 2007 apache2 vulnerabilities CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.2 apache2-mpm-prefork 2.0.55-4ubuntu2.2 apache2-mpm-worker 2.0.55-4ubuntu2.2
Ubuntu 6.10: apache2-common 2.0.55-4ubuntu4.1 apache2-mpm-prefork 2.0.55-4ubuntu4.1 apache2-mpm-worker 2.0.55-4ubuntu4.1
Ubuntu 7.04: apache2-mpm-prefork 2.2.3-3.2ubuntu0.1 apache2-mpm-worker 2.2.3-3.2ubuntu0.1 apache2.2-common 2.2.3-3.2ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. (CVE-2006-5752)
Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863)
A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz
Size/MD5: 115882 e94e45574e3b131d3a9a0e07e193f1e5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc
Size/MD5: 1148 c2bc143625fbf8ca59fea300845c5a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb
Size/MD5: 2124364 9b8ca5d5757c63f5ee6bbd507f0a8357
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 833000 be4c7770c725f5f4401ca06d1347211f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 227832 41c12dfe84f109e6544a33e4e1d791a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 222934 7e4d072bad27239e366a6eda94c09190
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 227576 8fc59f78a3fa0e5d6dac81e875039bda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 171082 4318f93373b705563251f377ed398614
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 171860 257f4183d70be5a00546c39c5a18f108
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 93916 695cee55f91ceb9424abe31d8b6ee1dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 35902 00c1082a77ff1d863f72874c4472a26d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 285336 0a8510634b21f56f0d9619aa6fc9cec9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 143952 d75f83ac219bce95a15a8f44b82b8ea7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 786186 4e78fa0d438867194f66b11b4eb6fc2e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 202448 74cf60884e18c1fc93f157010a15b12c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 198456 209a0b92995fec453ed4c2c181e3e555
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 202038 6cbd437caf993fa2b2b38369cd3d5863
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 171074 0a5a26aa58af7aa2d51d1cf5d7c543d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 171848 af9ca78febc5bc0c7936296dab958349
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 91884 2857d60b507b28c736f83815c9f3d1b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 35906 202b5b233af0d26e29ca7302cf7fd04c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 261418 c90342706ac26682d15032a5ba5cb51a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 131850 951a4573901bc2f10d5febf940d57516
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 859126 afdd8642ca447fc9dc70dfed92be0fa6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 219898 6d9c9f924d2356bf9d3438a280870a7d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 215602 dd554132cdea0f860e01cf5d4e0dbc7c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 219378 7a1f4b325dacef287c901fa66680c04e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 171096 a0e2547d38ef1b84dc419d69e42ffa0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 171864 200ab662b2c13786658486df37fda881
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 103628 ae36642fbd4698bb362fa4bf9417b0e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 35910 358027282f2f19451d3aa784dc0474dc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 280950 0d9b56ec076da25e2a03f6d3c6445057
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 141074 f5d3d5e0e5911e0c0156ae55af50f87b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 803440 d66da6a91c08956c3c5062668349ef41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 209970 57f0a8f823a4502ee9a2608e3181cc81
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 205582 1dcfb0df796e85c409f614544ea589fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 209330 6bf7ae824eea35d3487febef384fce91
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 171080 1088337f4abcb6c8f65751b6120c2307
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 171868 5cda04cd73a9c6d8dfc18abd55c09ebd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 92972 850ab3bb0904e8fe9b6255c42ba7f84c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 35904 7af260b95c4faa17ef34810fed888caf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 267550 08182a8a2cab00fc0e6bca2cccf5165f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 129760 a60606c6d2f12209b0bdae997be4a13f
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz
Size/MD5: 116265 2732761b18dfb3c2cd1aa0b54c2cf623
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc
Size/MD5: 1148 4b9c4612469c521db0c5fdbe2f6b9b25
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb
Size/MD5: 2124550 8d5c30342b35f9fd595fb09d7659b6fc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 836342 2c4ba483b0b20fdc2d43819109177941
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 227390 e61cc1998f5b8f2c44dce587e59d288a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 222376 6bdbff7f7f80fd464d1e3ec52d6e7171
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 226848 4356b4caf2b40f364c8893c41b9f9355
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 171304 c4395af051e876228541ef5b8037d979
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 172074 99dadc4ad0f0947f9368d89f4589d95a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 94204 30f3bb8c72575fe93940ecc730b8e4b6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 36152 ea3cbefcbee7e2f6e5555edb44733ad9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 286544 d555931490d44d93bec31c4bfc19ed12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 145014 3e06ceb0a55598d82f9f781c44e210b3
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 806938 050bb7665332d3761e1a8e47939fa507
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 209556 ee530b24aba8838001ebb6c901bc90cd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 205718 b52a17c63909eae3c49bad0ab1958f4b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 209158 1844fa5e09224a90944f8b886ddb5a2a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 171296 9de8aba41f7e3d60f41536ca712adebb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 172078 01ccd554177364747b08e2933f121d2c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 93240 4573597317416869646eb2ea42cd0945
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 36150 77666d65bade6a91bd58826c79f11dc9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 266390 a3963d8e76f6865404f7fadb47880c87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 137604 387f6bcdaa58dbbe53082241b3231844
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 865372 27d7f1de1fcb2114d3f3b0a774302488
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 221542 1ae8fa5cf4b77f3b2aa054e2886e587e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 217044 9134983c40107f79fcac8d1eacbc7117
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 221324 b435dc09c63ecbcd564a0923a8f07350
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 171296 6d2a0abfb7a1daaeae56559eeb322dcb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 172064 ecc2037409554ea43c5a6848aa510c76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 104654 d0957d8df044c4a34437241792ed97d1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 36148 34e102e1d2e1c6a6f31801dfb98cb82a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 284548 c8f325ccc42cbe77191d4ddd9abc2a4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 144238 82cfbfcec5fc4931078145af8947c035
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 811594 d8548e537fd81994bbb638e105dfbf8b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 212160 81cd0197ff89b79c967c1074ede9f8d7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 207870 5d80ed8dc39b0d4d59fccb747624a684
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 211578 9407383d85db831dab728b39cce9acc8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 171294 5e4d695a99bdc1fdfb0bfcef8b91d03d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 172064 06e3e765d799e281dba7329ff9d9e138
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 93796 1048b47b289fb2047fa9ac7ebbe94a57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 36150 0d106a177aa4271b1cfc0e96eec1a748
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 268444 3912123e7c71cc638132305ca89fe23b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 130626 f4444e0239c2da7d3c31e3486606f95a
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz
Size/MD5: 112120 f7b1a17718aed7ca73da3a6d7aad06b0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc
Size/MD5: 1128 e82b1bee591fff50d6673ed1a443e543
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 2199184 c03756f87cb164213428532f70e0c198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 272064 5be351f491f8d1aae9a270d1214e93e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 6674104 bdbabf8f478562f0e003737e977ffc7b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 38668 9f0c7c01e8441285c084002eb4619065
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 449624 1b54a8000c40eaaa0f9e31527b9bb180
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 445346 d15625641a3247fbf5d9d9b9aed34968
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 449208 55f39c28a4de98d53f80231aeb7d6c59
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 403570 0042c75be8a2d128d62b79398deaefa8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 404138 929772b95ea67f338ad423a65b2b7011
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 341312 906819b0de863209575aa65d39a594a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 971462 f85e32c5f6437ce149553aee97ffd934
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 428856 f506f2a9dd2dbd5c2d3f72a476cc3537
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 432314 a5a11947ad8cf14604efa7ddcfd20bfe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 403574 da84a3a99276f14a11ac892ce7eee170
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 404138 0fdd43a53e6957aa3a348a7bd9c876f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 340396 88a0ddbc58335416d91c9f10adc9d5f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 929716 138d58487b882e6002e3c5e4a9489add
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 451530 ddc437092ef642fcd396713cd1972f4c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 446960 af1b667708e062f81bca4e995355394d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 450940 ed9f31ec5045a88446115987c6e97655
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 403574 65801ab51335a15dc370b9341a0e50dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 404146 fd35e65fadd836feb0190b209947b466
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 360518 b74bc9eead429cd8f0ebecd6a94e5edb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 1073812 376fe5b1ee383a6d870eea5dd3c6a704
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 434408 c70ef2e9aed191fe53886ceb3725596e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 430574 7b690896da23a151ee5e106d596c1143
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 433918 cc01edfcfc673ba9a86c83fcc66e6870
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 403568 a7660cff70394403c764cf8f30c7298a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 404136 b8587d5eba0be59a6576d6cf645b2122
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 343370 1572a001a612add57d23350210ac1736
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 938586 b74a91fcfbb0503355e94981310bd1ce
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200706-0660", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.2.8" }, { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.2.6" 
}, { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.2.5" }, { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.2.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.2.7" }, { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.2.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.2" }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "6.1.0.13" }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "6.0.2.23" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.7" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.9" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": 
"10.3.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.0" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.5" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.9" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.5" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.2" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.6" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.8" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.0.61" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.6" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.37" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.3" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", 
"version": "3.0" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.0.59 and earlier" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "turbolinux fuji", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (as)" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.0.47" }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.2.4 and earlier" }, { "model": "http server", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "version" }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "turbolinux appliance server", "scope": "eq", 
"trust": 0.8, "vendor": "turbo linux", "version": "2.0" }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (es)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10 (x64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.2" }, { "model": 
"workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5.1" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.2" }, { "model": "ace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0x86" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0.0x64" }, { "model": "fuji", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" 
}, { "model": "appliance server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "2.0" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0.5" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "2.2" }, { "model": "operating system enterprise server", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "2.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "linux enterprise sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "propack sp6", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "3.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux professional oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux personal oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, 
"vendor": "rpath", "version": "1" }, { "model": "fedora core7", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.0" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", 
"version": "4.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.13" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2.12" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage apworks modelers-j 
edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage apworks enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": 
"5.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "messaging storage server mm3.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "messaging storage server", "scope": "eq", 
"trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "messaging storage server", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "message networking mn", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "message networking", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "emmc", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.021" }, { "model": "emmc", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.017" }, { "model": "emmc", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0.1" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os server", "scope": "eq", "trust": 
0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.7" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.58" }, { "model": "-dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.56" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.55" }, { "model": 
"apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.54" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.51" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.49" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.44" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.43" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.42" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.41" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.40" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.39" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.38" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.37" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.36" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.35" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.32" }, { "model": "beta", "scope": "eq", "trust": 0.3, "vendor": 
"apache", "version": "2.0.28" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "a9", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.37" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.36" }, { "model": "-dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.35" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.34" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.33" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.32" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.31" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.29" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.28" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.27" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.26" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.25" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.24" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.23" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.22" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.20" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.19" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.18" }, { "model": "apache", 
"scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.17" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.14" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.9" }, { "model": "-dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.7" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.2.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.1.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.0.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.0.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.0.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.0" }, { "model": "2.2.5-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "2.0.60-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null } ], "sources": [ { "db": "BID", "id": "24649" }, { "db": "JVNDB", "id": "JVNDB-2007-000506" }, 
{ "db": "CNNVD", "id": "CNNVD-200706-496" }, { "db": "NVD", "id": "CVE-2007-1863" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000506" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Niklas Edmundsson", "sources": [ { "db": "CNNVD", "id": "CNNVD-200706-496" } ], "trust": 0.6 }, "cve": "CVE-2007-1863", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2007-1863", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-25225", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-1863", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2007-1863", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200706-496", "trust": 0.6, "value": 
"LOW" }, { "author": "VULHUB", "id": "VHN-25225", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-25225" }, { "db": "JVNDB", "id": "JVNDB-2007-000506" }, { "db": "CNNVD", "id": "CNNVD-200706-496" }, { "db": "NVD", "id": "CVE-2007-1863" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. The Apache mod_cache module is prone to a denial-of-service vulnerability. \nA remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM). This could lead to a denial of service\n if using a threaded MPM (CVE-2007-1863). A local attacker with the\n ability to run scripts on the server could manipulate the scoreboard\n and cause arbitrary processes to be terminated (CVE-2007-3304). \n \n Updated packages have been patched to prevent the above issues. 
\n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 5f906bba3e1195f5ffbc3fcb2a6bde38 2007.0/i586/apache-base-2.2.3-1.1mdv2007.0.i586.rpm\n 83a4844cd98ef203958796ce280a71b2 2007.0/i586/apache-devel-2.2.3-1.1mdv2007.0.i586.rpm\n 2a6853cad61ca0548715486c5d4c8a23 2007.0/i586/apache-htcacheclean-2.2.3-1.1mdv2007.0.i586.rpm\n bebbc850c030be2ef87ce12d420fb825 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.i586.rpm\n 9e08e4738b304aab4f90f4f18aa5da45 2007.0/i586/apache-mod_cache-2.2.3-1.1mdv2007.0.i586.rpm\n 989d0538f7882277053f6d4c89ca581c 2007.0/i586/apache-mod_dav-2.2.3-1.1mdv2007.0.i586.rpm\n c1c0fc53dd811dd6176800226574efbf 2007.0/i586/apache-mod_dbd-2.2.3-1.1mdv2007.0.i586.rpm\n e68509c01d66b9d42e676e7974360154 2007.0/i586/apache-mod_deflate-2.2.3-1.1mdv2007.0.i586.rpm\n 5596cb5359b7919125fc10be83598445 2007.0/i586/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.i586.rpm\n d71b54240667224fd7da7fec4693c30b 2007.0/i586/apache-mod_file_cache-2.2.3-1.1mdv2007.0.i586.rpm\n 3571cab041e622f9399c57f377ac3fe3 2007.0/i586/apache-mod_ldap-2.2.3-1.1mdv2007.0.i586.rpm\n 598fdd7aad80fdc557142c5e9fc00677 2007.0/i586/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.i586.rpm\n f4ec774478f5d198ad2e3d3384a5ad83 2007.0/i586/apache-mod_proxy-2.2.3-1.1mdv2007.0.i586.rpm\n ab7726290be59f03a5ade2029a2b02f8 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.i586.rpm\n d72ab4173d51da4a0c1df63dbb52ccf5 2007.0/i586/apache-mod_ssl-2.2.3-1.1mdv2007.0.i586.rpm\n fcde0ec8b64d83402b53f926ec7fa835 2007.0/i586/apache-mod_userdir-2.2.3-1.1mdv2007.0.i586.rpm\n 58a0628d42d23c9aa5df6567789fad40 2007.0/i586/apache-modules-2.2.3-1.1mdv2007.0.i586.rpm\n 
011487e1afdfb400419303182e5320c7 2007.0/i586/apache-mpm-prefork-2.2.3-1.1mdv2007.0.i586.rpm\n 7a755b22020153b44f8d00ba153d3d97 2007.0/i586/apache-mpm-worker-2.2.3-1.1mdv2007.0.i586.rpm\n ef6e11f0d26db492bc9fe83a2dbf53d7 2007.0/i586/apache-source-2.2.3-1.1mdv2007.0.i586.rpm \n 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 7c5408879073413fb27f2d40854813d0 2007.0/x86_64/apache-base-2.2.3-1.1mdv2007.0.x86_64.rpm\n c720f2a661616b0bf35bc353d14b9b3b 2007.0/x86_64/apache-devel-2.2.3-1.1mdv2007.0.x86_64.rpm\n 12164d6d70972cb9ed2fb6581e212bf1 2007.0/x86_64/apache-htcacheclean-2.2.3-1.1mdv2007.0.x86_64.rpm\n 5278f8d03ce9d59ec4929d4362b04bbe 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm\n 40c83185db12d04f4953a374b329ebb3 2007.0/x86_64/apache-mod_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n fe37fb1d4378c4bbcfd8d63bd57c3d4d 2007.0/x86_64/apache-mod_dav-2.2.3-1.1mdv2007.0.x86_64.rpm\n 0830bc5d1718a533e3358a45975596ce 2007.0/x86_64/apache-mod_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm\n e18c3a6a322258e73b87170766aa7882 2007.0/x86_64/apache-mod_deflate-2.2.3-1.1mdv2007.0.x86_64.rpm\n fc8c27067e6b04bd549fe0b95579ebaa 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n b31385db2199fd33eeb624c80e9d882a 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n 08123786649152eab65e123c75db8e66 2007.0/x86_64/apache-mod_ldap-2.2.3-1.1mdv2007.0.x86_64.rpm\n 7de4b739d93683648209dcdc69dd5473 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n 85fde2923d945f3849d77f806b8bc55d 2007.0/x86_64/apache-mod_proxy-2.2.3-1.1mdv2007.0.x86_64.rpm\n b68991944f2989b6d3f89f7272239d76 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.x86_64.rpm\n 19871683773211daa721957dc5dd565d 2007.0/x86_64/apache-mod_ssl-2.2.3-1.1mdv2007.0.x86_64.rpm\n 5cf2a97219d6789e4572da1ecddedf16 2007.0/x86_64/apache-mod_userdir-2.2.3-1.1mdv2007.0.x86_64.rpm\n feede872aaf0ca4bbd86ffe24455e9cd 
2007.0/x86_64/apache-modules-2.2.3-1.1mdv2007.0.x86_64.rpm\n a00a35d4eba8f538cea741b2fc4079f4 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.1mdv2007.0.x86_64.rpm\n da86251e4417f068d2cafed30e380779 2007.0/x86_64/apache-mpm-worker-2.2.3-1.1mdv2007.0.x86_64.rpm\n ceb7fd32d3ad933ab6a914085f858911 2007.0/x86_64/apache-source-2.2.3-1.1mdv2007.0.x86_64.rpm \n 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n 9daef91724ded29a3c76e74c261f7766 2007.1/i586/apache-base-2.2.4-6.2mdv2007.1.i586.rpm\n 9288ee938a0853d6e0072f839c68c1c2 2007.1/i586/apache-devel-2.2.4-6.2mdv2007.1.i586.rpm\n 613a986f9f654f1ce3432ee6f6db2391 2007.1/i586/apache-htcacheclean-2.2.4-6.2mdv2007.1.i586.rpm\n 8e0eb376d851d1ddba8850d4233fc3d3 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.i586.rpm\n 24de68668efa15e4abaaffd690837256 2007.1/i586/apache-mod_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 288866908d43959c4b31c368346ba65d 2007.1/i586/apache-mod_dav-2.2.4-6.2mdv2007.1.i586.rpm\n d25838ec739d7a0037148f573262f81c 2007.1/i586/apache-mod_dbd-2.2.4-6.2mdv2007.1.i586.rpm\n ebad14bcccb73c8f8a27e98a6982a6f1 2007.1/i586/apache-mod_deflate-2.2.4-6.2mdv2007.1.i586.rpm\n 810d445f2146848b582e798e368b32ab 2007.1/i586/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 307de93279683b5b3e76ee6d971781cc 2007.1/i586/apache-mod_file_cache-2.2.4-6.2mdv2007.1.i586.rpm\n f59890e1bc38cfa598a4100705cf4cc6 2007.1/i586/apache-mod_ldap-2.2.4-6.2mdv2007.1.i586.rpm\n 098a05d1cbaa6bfa2d2707896dd6366c 2007.1/i586/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 6504f5e57440ff07da16de3d928898f6 2007.1/i586/apache-mod_proxy-2.2.4-6.2mdv2007.1.i586.rpm\n adc3a611a780e23178e93a6cedf135d4 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.i586.rpm\n 659508a67fbe28b5dd9f861384ca1cf1 2007.1/i586/apache-mod_ssl-2.2.4-6.2mdv2007.1.i586.rpm\n 604eb70716d7e7b6bc6e8399cc4d9f5c 2007.1/i586/apache-mod_userdir-2.2.4-6.2mdv2007.1.i586.rpm\n 750d7cb431356abc88fe7a031f872b04 
2007.1/i586/apache-modules-2.2.4-6.2mdv2007.1.i586.rpm\n 210be718db221db891452f05a001ee4e 2007.1/i586/apache-mpm-event-2.2.4-6.2mdv2007.1.i586.rpm\n 482e3d3af6756108c3e9a26ec2a8ac56 2007.1/i586/apache-mpm-itk-2.2.4-6.2mdv2007.1.i586.rpm\n b76ff4578c127ebd248b21a85a31140a 2007.1/i586/apache-mpm-prefork-2.2.4-6.2mdv2007.1.i586.rpm\n 2484dee8a4d4e7604a69abcd1b443954 2007.1/i586/apache-mpm-worker-2.2.4-6.2mdv2007.1.i586.rpm\n 9823f9b97e1829df97999494c3a3d453 2007.1/i586/apache-source-2.2.4-6.2mdv2007.1.i586.rpm \n ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 4d043339268bff11fa07897ee3dc2988 2007.1/x86_64/apache-base-2.2.4-6.2mdv2007.1.x86_64.rpm\n afbae73f408fa95c9e4d25e3aa39583d 2007.1/x86_64/apache-devel-2.2.4-6.2mdv2007.1.x86_64.rpm\n d92c22ff28fcd919b3a8525f753066c3 2007.1/x86_64/apache-htcacheclean-2.2.4-6.2mdv2007.1.x86_64.rpm\n abe81d2effd6f4975accbdc8d25d089e 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm\n 480d5c31af3289f26953a691f92e2a51 2007.1/x86_64/apache-mod_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 3feae93ade4038e67fcbaa691f2a74aa 2007.1/x86_64/apache-mod_dav-2.2.4-6.2mdv2007.1.x86_64.rpm\n b60eead7fe808fbc5eff6cb34f1de80b 2007.1/x86_64/apache-mod_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm\n 023afee3221da629fd8e1d34006b7463 2007.1/x86_64/apache-mod_deflate-2.2.4-6.2mdv2007.1.x86_64.rpm\n 1180446c8cf65c196352006d6da00e17 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 0e8c2dfc0e42c23b0afbada9f8868bb6 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 32aa45f45b8893d6c23c6892b7ad7e62 2007.1/x86_64/apache-mod_ldap-2.2.4-6.2mdv2007.1.x86_64.rpm\n 15c20ffb5fdc8ab2a6fa92157c9f0536 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n f91fd6552f480eb36d030bb2e91d30b4 2007.1/x86_64/apache-mod_proxy-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2c9d1e35af7adebaeb6284bf5da4dd5f 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.x86_64.rpm\n 
caa59aaba47c89d20e799a3f02271afd 2007.1/x86_64/apache-mod_ssl-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8ac44f8c409ea29492a3acdc1eb44c7f 2007.1/x86_64/apache-mod_userdir-2.2.4-6.2mdv2007.1.x86_64.rpm\n 0f2198ec988390ff3b7843a1e7090517 2007.1/x86_64/apache-modules-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2548664fde736f25acf59f46c847d1ff 2007.1/x86_64/apache-mpm-event-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2434c402bae11969ddf5281f2f042d24 2007.1/x86_64/apache-mpm-itk-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8a06ecd19726db033496a042c6a6be2f 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.2mdv2007.1.x86_64.rpm\n e8d339c397409391f3fb36f704c38c6c 2007.1/x86_64/apache-mpm-worker-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8a6f923428242f7aa1b4d489739e241b 2007.1/x86_64/apache-source-2.2.4-6.2mdv2007.1.x86_64.rpm \n ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm\n\n Corporate 4.0:\n 74beb8d1579ce5d5f12c8b15981b6e63 corporate/4.0/i586/apache-base-2.2.3-1.1.20060mlcs4.i586.rpm\n 326a8259b0d99bc2938bfa6cd85743e7 corporate/4.0/i586/apache-devel-2.2.3-1.1.20060mlcs4.i586.rpm\n ca305d0928255a65814af781b345a056 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.1.20060mlcs4.i586.rpm\n 48c2b6a5ee11c3f011b1f6dc60a86479 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.i586.rpm\n b81a3077cb88a34af43a61ad6f2559ea corporate/4.0/i586/apache-mod_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n ba5aee0b2a86182560e54f0cf4d360bd corporate/4.0/i586/apache-mod_dav-2.2.3-1.1.20060mlcs4.i586.rpm\n b696352106c5a0d1697385523455c767 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.1.20060mlcs4.i586.rpm\n e79f271f000dd7f3a009cca70fd7e4a2 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.1.20060mlcs4.i586.rpm\n c7bdb987f61099b64e751639ca02dd8a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n b0303fcc2f43bdcf25419dde56df2297 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n f818ff0f890abe230c92069f9d256e5c corporate/4.0/i586/apache-mod_ldap-2.2.3-1.1.20060mlcs4.i586.rpm\n 
4247be23e42c368b3880c7ab5ac13c89 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n e50f1749935c96d3364bdce9af5d22bf corporate/4.0/i586/apache-mod_proxy-2.2.3-1.1.20060mlcs4.i586.rpm\n a619b4e0130d1db7f77a790fee0917a6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.i586.rpm\n 8170e0e77256f08d07b02119400a19f9 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.1.20060mlcs4.i586.rpm\n 4a5d94d4f94295efe48266a1d529486e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.1.20060mlcs4.i586.rpm\n 7c0c27197d6b44115366eac339c424f2 corporate/4.0/i586/apache-modules-2.2.3-1.1.20060mlcs4.i586.rpm\n 56351aafc723fdea2f2fac22d5046944 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.i586.rpm\n ccbb2f27b762b5dd564dc7a00aac6db0 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.1.20060mlcs4.i586.rpm\n a65137ff29ed6a1da1f894d19997faec corporate/4.0/i586/apache-source-2.2.3-1.1.20060mlcs4.i586.rpm \n 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 7a9b4f5b3fcf2cac67e4c38022ee2441 corporate/4.0/x86_64/apache-base-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 5604ba341d957fbe6182bd2eb29a8e9d corporate/4.0/x86_64/apache-devel-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 8983bda4bbe3b58f9c6c317531eb52b7 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 9baf252cbc8ef8a093ed25e7a0daf25d corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 26cc58bcbfd25a83c15051c8f590a36d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 941a32aea1b1b3bca1ae343d5d925892 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 1d79a7b921ce150de88e22ffbaba4b31 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm\n d80b9ffca3dd024e73d069e55ba7fa3e corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 7a7a11645680a7bee9cf88b166b0d32f corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 
fcc85c0f9faf1fa08a01f3d4ecb68033 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 55789d16ff565bcd31dfa522435d4d4b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 7ee708824d65878b71ede35e139ac94d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n e8579835f848cade641da14354196497 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 6a1e70a638aecf603f3bc2485d14bd78 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 212f40574d0821b909972ebc36fb697a corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 32a8dd886e42c8093be05c9ee4d31855 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 265bccd86baa7fca942f1c6d4d694523 corporate/4.0/x86_64/apache-modules-2.2.3-1.1.20060mlcs4.x86_64.rpm\n babdb585a6c754f23d91c41fc844a5e2 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 63274f5c5dc3897d0062f621b1c63e0e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 18782a1fcbcb760d36162ce830ac4cdd corporate/4.0/x86_64/apache-source-2.2.3-1.1.20060mlcs4.x86_64.rpm \n 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS\nRe00IyLecNs4MIGgsrv2qJE=\n=5EEm\n-----END PGP SIGNATURE-----\n\n. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.2.6 *\u003e= 2.0.59-r5\n \u003e= 2.2.6\n\nDescription\n===========\n\nMultiple cross-site scripting vulnerabilities have been discovered in\nmod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error\nhas been discovered in the recall_headers() function in mod_mem_cache\n(CVE-2007-1862). The mod_cache module does not properly sanitize\nrequests before processing them (CVE-2007-1863). The Prefork module\ndoes not properly check PID values before sending signals\n(CVE-2007-3304). The mod_proxy module does not correctly check headers\nbefore processing them (CVE-2007-3847). \n\nImpact\n======\n\nA remote attacker could exploit one of these vulnerabilities to inject\narbitrary script or HTML content, obtain sensitive information or cause\na Denial of Service. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.0.59-r5\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n [ 2 ] CVE-2007-1862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862\n [ 3 ] CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n [ 4 ] CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n [ 5 ] CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n [ 6 ] CVE-2007-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200711-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. Summary\n\n Updated VMware Hosted products address security issues in libpng and\n the Apache HTTP Server. \n\n2. Relevant releases\n\n VMware Workstation 6.5.2 and earlier,\n VMware Player 2.5.2 and earlier,\n VMware ACE 2.5.2 and earlier\n\n3. Problem Description\n\n a. Third Party Library libpng Updated to 1.2.35\n\n Several flaws were discovered in the way third party library libpng\n handled uninitialized pointers.
An attacker could create a PNG image\n file in such a way, that when loaded by an application linked to\n libpng, it could cause the application to crash or execute arbitrary\n code at the privilege level of the user that runs the application. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0040 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any 6.5.3 build 185404 or later\n\n Player 2.5.x any 2.5.3 build 185404 or later\n\n ACE 2.5.x any 2.5.3 build 185404 or later\n\n Server 2.x any patch pending\n Server 1.x any patch pending\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected *\n\n * The libpng update for the Service Console of ESX 2.5.5 is\n documented in VMSA-2009-0007. \n\n b. Apache HTTP Server updated to 2.0.63\n\n The new version of ACE updates the Apache HTTP Server on Windows\n hosts to version 2.0.63 which addresses multiple security issues\n that existed in the previous versions of this server. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,\n CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the\n issues that have been addressed by this update. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any not affected\n\n Player 2.5.x any not affected\n\n ACE 2.5.x Windows 2.5.3 build 185404 or later\n ACE 2.5.x Linux update Apache on host system *\n\n Server 2.x any not affected\n Server 1.x any not affected\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n * The Apache HTTP Server is not part of an ACE install on a Linux\n host. Update the Apache HTTP Server on the host system to version\n 2.0.63 in order to remediate the vulnerabilities listed above. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. 
\n\n VMware Workstation 6.5.3\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html\n\n For Windows\n\n Workstation for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 7565d16b7d7e0173b90c3b76ca4656bc\n sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1\n\n For Linux\n\n Workstation for Linux 32-bit\n Linux 32-bit .rpm\n md5sum: 4d55c491bd008ded0ea19f373d1d1fd4\n sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e\n\n Workstation for Linux 32-bit\n Linux 32-bit .bundle\n md5sum: d4a721c1918c0e8a87c6fa4bad49ad35\n sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5\n\n Workstation for Linux 64-bit\n Linux 64-bit .rpm\n md5sum: 72adfdb03de4959f044fcb983412ae7c\n sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb\n\n Workstation for Linux 64-bit\n Linux 64-bit .bundle\n md5sum: 83e1f0c94d6974286256c4d3b559e854\n sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542\n\n\n VMware Player 2.5.3\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n http://www.vmware.com/support/player25/doc/releasenotes_player253.html\n\n Player for Windows binary\n\nhttp://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe\n md5sum: fe28f193374c9457752ee16cd6cad4e7\n sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04\n\n Player for Linux (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm\n md5sum: c99cd65f19fdfc7651bcb7f328b73bc2\n sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e\n\n Player for Linux (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle\n md5sum: 210f4cb5615bd3b2171bc054b9b2bac5\n sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b\n\n Player for Linux - 64-bit (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm\n md5sum: f91576ef90b322d83225117ae9335968\n sha1sum: 
f492fa9cf26ee2818f164aac04cde1680c25d974\n\n Player for Linux - 64-bit (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle\n md5sum: 595d44d7945c129b1aeb679d2f001b05\n sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4\n\n\n VMware ACE 2.5.3\n ----------------\n http://www.vmware.com/download/ace/\n Release notes:\n http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html\n\n ACE Management Server Virtual Appliance\n AMS Virtual Appliance .zip\n md5sum: 44cc7b86353047f02cf6ea0653e38418\n sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1\n\n VMware ACE for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for Windows\n Windows .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for SUSE Enterprise Linux 9\n SLES 9 .rpm\n md5sum: a4fc92d7197f0d569361cdf4b8cca642\n sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75\n\n ACE Management Server for Red Hat Enterprise Linux 4\n RHEL 4 .rpm\n md5sum: 841005151338c8b954f08d035815fd58\n sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e\n\n\n5. Change log\n\n2009-08-20 VMSA-2009-0010\nInitial security advisory after release of Workstation 6.5.3,\nPlayer 2.5.3, and ACE 2.5.3 on 2009-08-20. \n\n\n- ------------------------------------------------------------------------\n7. 
Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01178795\nVersion: 1\n\nHPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-02\nLast Updated: 2007-10-02\n\nPotential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code. \n\nReferences: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
\nHP-UX B.11.11, B.11.23, B.11.31 running Apache\n\nBACKGROUND\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended patch or update is installed. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision A.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \n\naction: install revision B.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \nHP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \nThe update is available on https://www.hp.com/go/softwaredepot/ \nNote: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00. \n\nMANUAL ACTIONS: Yes - Update \nInstall HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. 
It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 02 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. 
\n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\u00a9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. 
To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ\nHHoe3AY1sc6hrW3Xk+B1hcbr\n=+E1W\n-----END PGP SIGNATURE-----\n. =========================================================== \nUbuntu Security Notice USN-499-1 August 16, 2007\napache2 vulnerabilities\nCVE-2006-5752, CVE-2007-1863, CVE-2007-3304\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.2\n apache2-mpm-prefork 2.0.55-4ubuntu2.2\n apache2-mpm-worker 2.0.55-4ubuntu2.2\n\nUbuntu 6.10:\n apache2-common 2.0.55-4ubuntu4.1\n apache2-mpm-prefork 2.0.55-4ubuntu4.1\n apache2-mpm-worker 2.0.55-4ubuntu4.1\n\nUbuntu 7.04:\n apache2-mpm-prefork 2.2.3-3.2ubuntu0.1\n apache2-mpm-worker 2.2.3-3.2ubuntu0.1\n apache2.2-common 2.2.3-3.2ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. 
\n\nDetails follow:\n\nStefan Esser discovered that mod_status did not force a character set,\nwhich could result in browsers becoming vulnerable to XSS attacks when\nprocessing the output. If a user were tricked into viewing server\nstatus output during a crafted server request, a remote attacker could\nexploit this to modify the contents, or steal confidential data (such as\npasswords), within the same domain. By default, mod_status is disabled\nin Ubuntu. (CVE-2006-5752)\n\nNiklas Edmundsson discovered that the mod_cache module could be made to\ncrash using a specially crafted request. A remote user could use this\nto cause a denial of service if Apache was configured to use a threaded\nworker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863)\n\nA flaw was discovered in the signal handling of Apache. A local\nattacker could trick Apache into sending SIGUSR1 to other processes. \nThe vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz\n Size/MD5: 115882 e94e45574e3b131d3a9a0e07e193f1e5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc\n Size/MD5: 1148 c2bc143625fbf8ca59fea300845c5a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb\n Size/MD5: 2124364 9b8ca5d5757c63f5ee6bbd507f0a8357\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 833000 be4c7770c725f5f4401ca06d1347211f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 227832 
41c12dfe84f109e6544a33e4e1d791a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 222934 7e4d072bad27239e366a6eda94c09190\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 227576 8fc59f78a3fa0e5d6dac81e875039bda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 171082 4318f93373b705563251f377ed398614\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 171860 257f4183d70be5a00546c39c5a18f108\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 93916 695cee55f91ceb9424abe31d8b6ee1dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 35902 00c1082a77ff1d863f72874c4472a26d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 285336 0a8510634b21f56f0d9619aa6fc9cec9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 143952 d75f83ac219bce95a15a8f44b82b8ea7\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 786186 4e78fa0d438867194f66b11b4eb6fc2e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 202448 74cf60884e18c1fc93f157010a15b12c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 198456 209a0b92995fec453ed4c2c181e3e555\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 202038 6cbd437caf993fa2b2b38369cd3d5863\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 171074 0a5a26aa58af7aa2d51d1cf5d7c543d6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 171848 af9ca78febc5bc0c7936296dab958349\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 91884 2857d60b507b28c736f83815c9f3d1b8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 35906 202b5b233af0d26e29ca7302cf7fd04c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 261418 c90342706ac26682d15032a5ba5cb51a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 131850 951a4573901bc2f10d5febf940d57516\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 859126 afdd8642ca447fc9dc70dfed92be0fa6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 219898 6d9c9f924d2356bf9d3438a280870a7d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 215602 dd554132cdea0f860e01cf5d4e0dbc7c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 219378 7a1f4b325dacef287c901fa66680c04e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 171096 a0e2547d38ef1b84dc419d69e42ffa0b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 171864 200ab662b2c13786658486df37fda881\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 
103628 ae36642fbd4698bb362fa4bf9417b0e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 35910 358027282f2f19451d3aa784dc0474dc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 280950 0d9b56ec076da25e2a03f6d3c6445057\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 141074 f5d3d5e0e5911e0c0156ae55af50f87b\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 803440 d66da6a91c08956c3c5062668349ef41\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 209970 57f0a8f823a4502ee9a2608e3181cc81\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 205582 1dcfb0df796e85c409f614544ea589fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 209330 6bf7ae824eea35d3487febef384fce91\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 171080 1088337f4abcb6c8f65751b6120c2307\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 171868 5cda04cd73a9c6d8dfc18abd55c09ebd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 92972 850ab3bb0904e8fe9b6255c42ba7f84c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 35904 7af260b95c4faa17ef34810fed888caf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 267550 08182a8a2cab00fc0e6bca2cccf5165f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb\n 
Size/MD5: 129760 a60606c6d2f12209b0bdae997be4a13f\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz\n Size/MD5: 116265 2732761b18dfb3c2cd1aa0b54c2cf623\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc\n Size/MD5: 1148 4b9c4612469c521db0c5fdbe2f6b9b25\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb\n Size/MD5: 2124550 8d5c30342b35f9fd595fb09d7659b6fc\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 836342 2c4ba483b0b20fdc2d43819109177941\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 227390 e61cc1998f5b8f2c44dce587e59d288a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 222376 6bdbff7f7f80fd464d1e3ec52d6e7171\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 226848 4356b4caf2b40f364c8893c41b9f9355\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 171304 c4395af051e876228541ef5b8037d979\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 172074 99dadc4ad0f0947f9368d89f4589d95a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 94204 30f3bb8c72575fe93940ecc730b8e4b6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 36152 ea3cbefcbee7e2f6e5555edb44733ad9\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 286544 d555931490d44d93bec31c4bfc19ed12\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 145014 3e06ceb0a55598d82f9f781c44e210b3\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 806938 050bb7665332d3761e1a8e47939fa507\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 209556 ee530b24aba8838001ebb6c901bc90cd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 205718 b52a17c63909eae3c49bad0ab1958f4b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 209158 1844fa5e09224a90944f8b886ddb5a2a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 171296 9de8aba41f7e3d60f41536ca712adebb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 172078 01ccd554177364747b08e2933f121d2c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 93240 4573597317416869646eb2ea42cd0945\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 36150 77666d65bade6a91bd58826c79f11dc9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 266390 a3963d8e76f6865404f7fadb47880c87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 137604 387f6bcdaa58dbbe53082241b3231844\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 865372 27d7f1de1fcb2114d3f3b0a774302488\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 221542 1ae8fa5cf4b77f3b2aa054e2886e587e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 217044 9134983c40107f79fcac8d1eacbc7117\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 221324 b435dc09c63ecbcd564a0923a8f07350\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 171296 6d2a0abfb7a1daaeae56559eeb322dcb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 172064 ecc2037409554ea43c5a6848aa510c76\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 104654 d0957d8df044c4a34437241792ed97d1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 36148 34e102e1d2e1c6a6f31801dfb98cb82a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 284548 c8f325ccc42cbe77191d4ddd9abc2a4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 144238 82cfbfcec5fc4931078145af8947c035\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 811594 d8548e537fd81994bbb638e105dfbf8b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 212160 81cd0197ff89b79c967c1074ede9f8d7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb\n 
Size/MD5: 207870 5d80ed8dc39b0d4d59fccb747624a684\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 211578 9407383d85db831dab728b39cce9acc8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 171294 5e4d695a99bdc1fdfb0bfcef8b91d03d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 172064 06e3e765d799e281dba7329ff9d9e138\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 93796 1048b47b289fb2047fa9ac7ebbe94a57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 36150 0d106a177aa4271b1cfc0e96eec1a748\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 268444 3912123e7c71cc638132305ca89fe23b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 130626 f4444e0239c2da7d3c31e3486606f95a\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz\n Size/MD5: 112120 f7b1a17718aed7ca73da3a6d7aad06b0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc\n Size/MD5: 1128 e82b1bee591fff50d6673ed1a443e543\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 2199184 c03756f87cb164213428532f70e0c198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 272064 5be351f491f8d1aae9a270d1214e93e3\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 6674104 bdbabf8f478562f0e003737e977ffc7b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 38668 9f0c7c01e8441285c084002eb4619065\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 449624 1b54a8000c40eaaa0f9e31527b9bb180\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 445346 d15625641a3247fbf5d9d9b9aed34968\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 449208 55f39c28a4de98d53f80231aeb7d6c59\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 403570 0042c75be8a2d128d62b79398deaefa8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 404138 929772b95ea67f338ad423a65b2b7011\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 341312 906819b0de863209575aa65d39a594a5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 971462 f85e32c5f6437ce149553aee97ffd934\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 428856 f506f2a9dd2dbd5c2d3f72a476cc3537\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 432314 a5a11947ad8cf14604efa7ddcfd20bfe\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 403574 da84a3a99276f14a11ac892ce7eee170\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 404138 0fdd43a53e6957aa3a348a7bd9c876f5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 340396 88a0ddbc58335416d91c9f10adc9d5f5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 929716 138d58487b882e6002e3c5e4a9489add\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 451530 ddc437092ef642fcd396713cd1972f4c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 446960 af1b667708e062f81bca4e995355394d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 450940 ed9f31ec5045a88446115987c6e97655\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 403574 65801ab51335a15dc370b9341a0e50dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 404146 fd35e65fadd836feb0190b209947b466\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 360518 b74bc9eead429cd8f0ebecd6a94e5edb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 1073812 376fe5b1ee383a6d870eea5dd3c6a704\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 434408 c70ef2e9aed191fe53886ceb3725596e\n 
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 430574 7b690896da23a151ee5e106d596c1143\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 433918 cc01edfcfc673ba9a86c83fcc66e6870\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 403568 a7660cff70394403c764cf8f30c7298a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 404136 b8587d5eba0be59a6576d6cf645b2122\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 343370 1572a001a612add57d23350210ac1736\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 938586 b74a91fcfbb0503355e94981310bd1ce\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-1863" }, { "db": "JVNDB", "id": "JVNDB-2007-000506" }, { "db": "BID", "id": "24649" }, { "db": "VULHUB", "id": "VHN-25225" }, { "db": "PACKETSTORM", "id": "57506" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "58667" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-1863", "trust": 3.4 }, { "db": "BID", "id": "24649", "trust": 2.8 }, { "db": "USCERT", "id": "TA08-150A", "trust": 2.5 }, { "db": "SECUNIA", "id": "26822", "trust": 1.7 }, { "db": "SECUNIA", "id": "27732", "trust": 1.7 }, { "db": "SECUNIA", "id": "25873", "trust": 1.7 }, { "db": "SECUNIA", "id": "30430", "trust": 1.7 }, { "db": "SECUNIA", "id": "27563", 
"trust": 1.7 }, { "db": "SECUNIA", "id": "26842", "trust": 1.7 }, { "db": "SECUNIA", "id": "26443", "trust": 1.7 }, { "db": "SECUNIA", "id": "27037", "trust": 1.7 }, { "db": "SECUNIA", "id": "26993", "trust": 1.7 }, { "db": "SECUNIA", "id": "26273", "trust": 1.7 }, { "db": "SECUNIA", "id": "25920", "trust": 1.7 }, { "db": "SECUNIA", "id": "26508", "trust": 1.7 }, { "db": "SECUNIA", "id": "25830", "trust": 1.7 }, { "db": "SECUNIA", "id": "28606", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3386", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1697", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3283", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0233", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-2727", "trust": 1.7 }, { "db": "OSVDB", "id": "37079", "trust": 1.7 }, { "db": "SECTRACK", "id": "1018303", "trust": 1.7 }, { "db": "USCERT", "id": "SA08-150A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-000506", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200706-496", "trust": 0.6 }, { "db": "SEEBUG", "id": "SSVID-87746", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-25225", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "57506", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "57505", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "60759", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80533", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59939", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "58667", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-25225" }, { "db": "BID", "id": "24649" }, { "db": "JVNDB", "id": "JVNDB-2007-000506" }, { "db": "PACKETSTORM", "id": "57506" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "58667" }, { "db": "CNNVD", "id": "CNNVD-200706-496" }, { "db": "NVD", "id": "CVE-2007-1863" } ] }, "id": "VAR-200706-0660", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-25225" } ], "trust": 0.26519225 }, "last_update_date": "2024-11-29T19:43:52.747000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 2.0.61-dev", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.61-dev" }, { "title": "Fixed in Apache httpd 2.2.6-dev", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.6-dev" }, { "title": "Security Update 2008-003", "trust": 0.8, "url": "http://support.apple.com/kb/HT1897" }, { "title": "HPSBUX02262", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01178795" }, { "title": "HPSBUX02262", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02262.html" }, { "title": "4017303", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017303" }, { "title": "Fix Pack 13 (6.1.0.13)", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951#61013" }, { "title": "PK49355", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK49355" }, { "title": "4017141", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017141" }, { "title": "httpd (V3.0,V4.0)", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1073" }, { "title": "apache (V2.x)", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1078" }, { "title": "RHSA-2007:0533", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0533.html" }, { "title": 
"RHSA-2007:0534", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0534.html" }, { "title": "RHSA-2007:0556", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0556.html" }, { "title": "TLSA-2007-41", "trust": 0.8, "url": "http://www.turbolinux.com/security/2007/TLSA-2007-41.txt" }, { "title": "RHSA-2007:0533", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0533J.html" }, { "title": "RHSA-2007:0534", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0534J.html" }, { "title": "RHSA-2007:0556", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0556J.html" }, { "title": "TLSA-2007-41", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2007/TLSA-2007-41j.txt" }, { "title": "interstage_as_200802", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200802.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000506" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-1863" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/24649" }, { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk49355" }, { "trust": 2.0, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk52702" }, { "trust": 2.0, "url": "https://rhn.redhat.com/errata/rhsa-2007-0533.html" }, { "trust": 2.0, "url": 
"http://rhn.redhat.com/errata/rhsa-2007-0534.html" }, { "trust": 2.0, "url": "http://rhn.redhat.com/errata/rhsa-2007-0556.html" }, { "trust": 2.0, "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658" }, { "trust": 2.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2007-353.htm" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1018303" }, { "trust": 1.7, "url": "http://www.trustix.org/errata/2007/0026/" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25830" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25873" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25920" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26273" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26443" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26508" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26822" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26842" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26993" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27037" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27563" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27732" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28606" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30430" }, { "trust": 1.7, "url": "http://osvdb.org/37079" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/2727" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3283" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0233" }, { 
"trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html" }, { "trust": 1.7, "url": "http://www.redhat.com/archives/fedora-package-announce/2007-september/msg00320.html" }, { "trust": 1.7, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01178795" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:140" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:141" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2007-0557.html" }, { "trust": 1.7, "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-499-1" }, { "trust": 1.7, "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "trust": 1.7, "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "trust": 1.7, "url": "https://issues.rpath.com/browse/rpl-1500" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9824" }, { "trust": 1.6, "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=535617" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 1.4, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 1.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 
1.1, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.8, "url": 
"http://jvn.jp/cert/jvnta08-150a/" }, { "trust": 0.8, "url": "http://jvn.jp/tr/trta08-150a/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1863" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/alerts/sa08-150a.html" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_20.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3ccvs." }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "trust": 0.3, "url": "/archive/1/481830" }, { "trust": 0.3, "url": "/archive/1/479708" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2007-327.htm" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847" }, { "trust": 0.1, "url": "http://svn.apache.org/viewvc?view=rev\u0026amp;revision=535617" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1862" }, { "trust": 0.1, "url": 
"http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://enigmail.mozdev.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1862" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/player25/doc/releasenotes_player253.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ace/" }, { "trust": 0.1, "url": "http://www.vmware.com/download/player/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html" }, { "trust": 0.1, "url": "http://www.vmware.com/download/ws/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.rpm" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.exe" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.bundle" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.bundle" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0040" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1358" }, { "trust": 0.1, "url": "https://www.hp.com/go/softwaredepot/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1355" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0774" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3386" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2450" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3382" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2756" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3385" }, { "trust": 0.1, "url": 
"http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2090" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2449" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb" }, { 
"trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc" }, { "trust": 0.1, 
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb" } ], "sources": [ { "db": "VULHUB", "id": "VHN-25225" }, { "db": "BID", "id": "24649" }, { "db": "JVNDB", "id": "JVNDB-2007-000506" }, { "db": "PACKETSTORM", "id": "57506" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "58667" }, { "db": "CNNVD", "id": "CNNVD-200706-496" }, { "db": "NVD", "id": "CVE-2007-1863" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-25225" }, { "db": "BID", "id": "24649" }, { "db": "JVNDB", "id": "JVNDB-2007-000506" }, { "db": "PACKETSTORM", "id": "57506" }, { "db": "PACKETSTORM", "id": "57505" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "80533" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "58667" }, { "db": "CNNVD", "id": "CNNVD-200706-496" }, { "db": "NVD", "id": "CVE-2007-1863" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-06-27T00:00:00", "db": "VULHUB", "id": "VHN-25225" }, { "date": "2007-06-26T00:00:00", "db": "BID", "id": "24649" }, { "date": "2007-07-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000506" }, { "date": "2007-07-07T04:30:58", "db": "PACKETSTORM", "id": "57506" }, { "date": "2007-07-07T04:29:41", "db": "PACKETSTORM", "id": "57505" }, { "date": "2007-11-07T20:27:55", "db": "PACKETSTORM", "id": "60759" }, { "date": "2009-08-23T16:31:17", "db": "PACKETSTORM", "id": "80533" }, { "date": "2007-10-10T05:27:27", "db": "PACKETSTORM", "id": "59939" }, { "date": "2007-08-17T06:30:14", "db": "PACKETSTORM", "id": "58667" }, { "date": "2007-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-200706-496" 
}, { "date": "2007-06-27T17:30:00", "db": "NVD", "id": "CVE-2007-1863" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-13T00:00:00", "db": "VULHUB", "id": "VHN-25225" }, { "date": "2010-08-05T21:15:00", "db": "BID", "id": "24649" }, { "date": "2009-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000506" }, { "date": "2023-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-200706-496" }, { "date": "2024-11-21T00:29:20.153000", "db": "NVD", "id": "CVE-2007-1863" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200706-496" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of mod_cache In module null The problem of caching values that are", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000506" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200706-496" } ], "trust": 0.6 } }
var-201306-0139
Vulnerability from variot
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. HTML files generated by the Javadoc tool included in the Oracle Java Development Toolkit (JDK) contain a vulnerability that allows the contents of any website to be displayed in a frame within the page. For details, check the information provided by the developer. The contents of any website may be displayed in a frame within the web page and used for phishing scams, etc. Oracle Java SE is prone to a frame-injection vulnerability. Successful exploits may allow attackers to redirect victims to a malicious website. This may lead to other attacks. This vulnerability affects the following supported versions: 7 Update 21, 6 Update 45, 5.0 Update 45, JavaFX 2.2.21.
A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root (CVE-2013-1976).
It was discovered that Tomcat incorrectly handled certain authentication requests.
Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFTBGbfmqjQ0CJFipgRAqoFAJ9rlsBNuojSUoFTrtzjClT1Baj4GACg3oCE t3Cmz3RfMCdPvQPAOR3vuf4= =bOtM -----END PGP SIGNATURE-----
. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03898880
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03898880 Version: 1
HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2013-08-19 Last Updated: 2013-08-16
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java5 Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v5.0.28 and earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2013-0401 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1491 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1500 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6 CVE-2013-1518 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1537 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1569 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1571 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2383 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2384 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2394 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-2417 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2419 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2420 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2424 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2429 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-2430 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-2432 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2433 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2439 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2013-2444 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2445 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2013-2446 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2447 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-2450 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2452 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2454 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-2455 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2456 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2457 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-2459 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2463 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2464 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2470 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2471 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2472 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-3743 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 
=========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these vulnerabilities.
The upgrade is available from the following location http://www.hp.com/go/java HP-UX Version HPJava Version
B.11.11, B.11.23, B.11.31 JDK / JRE v5.0.29 or subsequent
MANUAL ACTIONS: Yes - Update For Java v5.0 update to Java v5.0.29 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23 HP-UX B.11.31 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-IPF32 Jdk15.JDK15-IPF64 Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-IPF32 Jre15.JRE15-IPF32-HS Jre15.JRE15-IPF64 Jre15.JRE15-IPF64-HS action: install revision 1.5.0.29.00 or subsequent
HP-UX B.11.11 HP-UX B.11.23 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-PA20 Jdk15.JDK15-PA20W Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-PA20 Jre15.JRE15-PA20-HS Jre15.JRE15-PA20W Jre15.JRE15-PA20W-HS action: install revision 1.5.0.29.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 19 August 2013 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16
Java for OS X 2013-004 and Mac OS X v10.6 Update 16 is now available and addresses the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later Impact: Multiple vulnerabilities in Java 1.6.0_45 Description: 8011782 Multiple vulnerabilities existed in Java 1.6.0_45, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. These issues were addressed by updating to Java version 1.6.0_51. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2461 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3743 CVE_2013-2445
Java for OS X 2013-004 and Mac OS X v10.6 Update 16 may be obtained from the Software Update pane in System Preferences, Mac App Store, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.Update16.dmg Its SHA-1 digest is: a6b5a9caa3c0d9acf743da8e4c0e5cfe4e471b01
For OS X Lion and Mountain Lion systems The download file is named: JavaForOSX2013-004.dmg Its SHA-1 digest is: 153c3f74d5285d10008fce2004d904da8d2ffdff
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRwL5AAAoJEPefwLHPlZEwju0QALM1IST/ATt2xR1L0AQcaZRX eiM07MlvAlE9Jv45xqKLUezRU8XQT6+glN51/hBhpyCa8MJIzPiSnnOIAW+vbA5o RjXQTGPGT1IPSfEk7OWS++566riMLmTOvg45Qn0E/ibOqJHpfrR4wzQX5jpv7lzH EbdKxn+KWfHCF2y/2LCFifDHUBPCjUlbWTRznDCYVHsFbtDiP/vAZiSXsNJtLTXK UOD/eGbel2PEqWOOsUNIrzwvztRB+LsYT4xKQQnsEKJqoyMch/UgB1Uo2jgEPn0U YP3WZbjbDV+UcM+yMoCV/qDFhbJ+qBxTbuwYOHuSDpgqJ7vF8s0cdUUb6U7QLW4/ 3ykC7vOUS/JqYkiqwUxuKVpzSUYXrlez36sQuwCR9AOGCJ/0/MwM8QPavFAdGisP 36ZavJ4k2Dp2CfVmWjexpWY7XN9M36Lh57XChxQk9TcbjUJRrqNadlPyzaja3G9a 95Dq1N1dYfLuFm4MtyeDA0xQl8m8ljnSxH3TQoDcTwvvWGIGdG7EEVpdQqM/MTWY CY2EqMkY3Gouet+QvECYwxOz+g0hcaJd973kSM+5AJ7tVfod93NDW3P13k2cfdTC uo9IgGkhuNY40NuLpJLtTwlHcTCwBtKPt0BLwXugZdoDrgz1j8Q+fLuASSTkUQxl 3t9MUCG40o5ZQFyWqV1+ =zFXN -----END PGP SIGNATURE----- . Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2013:0957-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0957.html Issue date: 2013-06-19 CVE Names: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 =====================================================================
- Summary:
Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
- Description:
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.
Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)
Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459)
Multiple improper permission check issues were discovered in the Sound, JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458, CVE-2013-2457, CVE-2013-2453, CVE-2013-2460)
Multiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)
It was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. (CVE-2013-2445)
It was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444, CVE-2013-2450)
It was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407, CVE-2013-2461)
It was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. (CVE-2013-2412)
It was discovered that GnomeFileTypeDetector did not check for read permissions when accessing files. An untrusted Java application or applet could possibly use this flaw to disclose potentially sensitive information. (CVE-2013-2449) It was discovered that HTML documentation generated by Javadoc was vulnerable to frame injection. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571)
It was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500)
Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
After installing this update, users of icedtea-web must install RHBA-2013:0959 for icedtea-web to continue functioning.
This erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to the NEWS file, linked to in the References, for further information.
- Solution:
All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375) 975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243) 975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248) 975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253) 975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257) 975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438) 975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597) 975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601) 975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071) 975122 - CVE-2013-2460 OpenJDK: tracing insufficient access checks (Serviceability, 8010209) 975124 - CVE-2013-2445 OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805) 975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328) 975126 - CVE-2013-2461 OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281) 975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744) 975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554) 975130 - CVE-2013-2458 OpenJDK: Method handles (Libraries, 8009424) 975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038) 975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642) 975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120) 975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124) 975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330) 975138 - CVE-2013-2452 OpenJDK: Unique VMIDs(Libraries, 8001033) 975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812) 975140 - CVE-2013-2447 OpenJDK: 
Prevent revealing the local address (Networking, 8001318) 975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638) 975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132) 975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703) 975145 - CVE-2013-2449 OpenJDK: GnomeFileTypeDetector path access check(Libraries, 8004288) 975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm
i386: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm
i386: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm
i386: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm
i386: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm
i386: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm
i386: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm
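These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package Check each downloaded package against that key (for example with `rpm --checksig`) before installing it, since the Source links listed above use plain FTP.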
- References:
https://www.redhat.com/security/data/cve/CVE-2013-1500.html https://www.redhat.com/security/data/cve/CVE-2013-1571.html https://www.redhat.com/security/data/cve/CVE-2013-2407.html https://www.redhat.com/security/data/cve/CVE-2013-2412.html https://www.redhat.com/security/data/cve/CVE-2013-2443.html https://www.redhat.com/security/data/cve/CVE-2013-2444.html https://www.redhat.com/security/data/cve/CVE-2013-2445.html https://www.redhat.com/security/data/cve/CVE-2013-2446.html https://www.redhat.com/security/data/cve/CVE-2013-2447.html https://www.redhat.com/security/data/cve/CVE-2013-2448.html https://www.redhat.com/security/data/cve/CVE-2013-2449.html https://www.redhat.com/security/data/cve/CVE-2013-2450.html https://www.redhat.com/security/data/cve/CVE-2013-2452.html https://www.redhat.com/security/data/cve/CVE-2013-2453.html https://www.redhat.com/security/data/cve/CVE-2013-2454.html https://www.redhat.com/security/data/cve/CVE-2013-2455.html https://www.redhat.com/security/data/cve/CVE-2013-2456.html https://www.redhat.com/security/data/cve/CVE-2013-2457.html https://www.redhat.com/security/data/cve/CVE-2013-2458.html https://www.redhat.com/security/data/cve/CVE-2013-2459.html https://www.redhat.com/security/data/cve/CVE-2013-2460.html https://www.redhat.com/security/data/cve/CVE-2013-2461.html https://www.redhat.com/security/data/cve/CVE-2013-2463.html https://www.redhat.com/security/data/cve/CVE-2013-2465.html https://www.redhat.com/security/data/cve/CVE-2013-2469.html https://www.redhat.com/security/data/cve/CVE-2013-2470.html https://www.redhat.com/security/data/cve/CVE-2013-2471.html https://www.redhat.com/security/data/cve/CVE-2013-2472.html https://www.redhat.com/security/data/cve/CVE-2013-2473.html https://access.redhat.com/security/updates/classification/#critical http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS https://rhn.redhat.com/errata/RHBA-2013-0959.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRwkhZXlSAg2UNWIIRAq8SAJ9tsW9PY39Aa6lmSLhOhlUi8hrnugCePCKO NAdLLpJKlVulPXKONu/CudU= =+H1U -----END PGP SIGNATURE-----
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201306-0139", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "javafx", "scope": "lte", "trust": 1.8, "vendor": "oracle", "version": "2.2.21" }, { "model": "javafx", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "2.2.7" }, { "model": "javafx", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": 
"2.2.4" }, { "model": "javafx", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "2.2" }, { "model": "javafx", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.2.5" }, { "model": "javafx", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.2.3" }, { "model": "javafx", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.0.2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "javafx", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.5.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "javafx", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.0.3" }, { "model": "javafx", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.1" }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 
1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 35", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": 
null }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, 
"vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 35", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", 
"scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 9", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 8", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 17", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 13", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 11", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 10", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 43", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 41", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 7", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 4", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 35", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 32", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": 
null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 36", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 9", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 8", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 21", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 13", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 12", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 11", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 10", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 43", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 37", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.7.0 7", "scope": null, "trust": 
0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 4", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 35", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 32", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 36", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openoffice", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 and 
later" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.8 and later" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 and later" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.0 update 45" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "6 update 45" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "7 update 21" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.0 update 45" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "6 update 45" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "7 update 21" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 33" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 21" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 33" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 21" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 
6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus server - standard edition version 4", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus server - web edition version 4", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": 
null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 
0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.7.0 12", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 45", "scope": null, "trust": 0.6, "vendor": "oracle", "version": 
null }, { "model": "jre 1.7.0 21", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 17", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 41", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "freeflow print server 93.e0.21c", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "freeflow print server 91.d2.32", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "freeflow print server 82.d1.44", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "freeflow print server 81.d0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "freeflow print server 73.d2.33", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "freeflow print server 73.c5.11", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp3 for vmware", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server sp3 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise java sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise desktop sp3", "scope": "eq", 
"trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise desktop sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "javafx", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.0.2" }, { "model": "javafx", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.1" }, { "model": "javafx", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.0" }, { 
"model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "suse core for", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9x86" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "core", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6)5.5" }, { "model": "network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5)5.5" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" 
}, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "jrockit r28.2.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r28.2.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r28.2.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r28.2.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.7.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.7.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.7.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.7.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "javafx", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.21" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "business server", 
"scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "websphere real time sr4-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "websphere process server hypervisor edition for red hat", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere process server hypervisor edition for red hat", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "websphere process server hypervisor edition for novell suse", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere process server hypervisor edition for novell suse", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "websphere process server hypervisor edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere process server hypervisor edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "websphere process server for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "websphere process server for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2" }, { "model": "websphere process server for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "websphere process server for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "websphere process server for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "websphere process server for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": 
"websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.4" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "websphere process server feature pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.01" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "websphere partner gateway express edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.3" }, { "model": "websphere partner gateway express edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "websphere partner gateway enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "websphere partner gateway enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "websphere partner gateway advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "websphere partner gateway advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { 
"model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.11" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.25" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.24" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.23" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.22" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.21" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.3" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "websphere partner gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "websphere operational decision management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.19" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.18" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.16" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.2" 
}, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.02" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.4" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.10" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "websphere lombardi edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "websphere lombardi edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "websphere 
ilog jrules", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "websphere front office development toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "websphere front office development toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "websphere front office development toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "websphere dynamic process edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere dynamic process edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "websphere dynamic process edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "websphere dynamic process edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.07" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.9" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.8" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, 
"vendor": "ibm", "version": "6.0.0.7" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.6" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.5" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.4" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.3" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.2" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.11" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.10" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "websphere commerce", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "websphere business services fabric for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "websphere business services fabric for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0" }, { "model": "websphere business services fabric for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "websphere business services fabric for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0" }, { "model": "websphere business services fabric for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2" }, { "model": "websphere business services fabric for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "websphere business services fabric", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "websphere business services fabric", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0" }, { "model": "websphere business 
services fabric", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "websphere business services fabric", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0" }, { "model": "websphere business services fabric", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2" }, { "model": "websphere business services fabric", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.03" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.029" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.021" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.9" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.8" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.13" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.12" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.11" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.141" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { 
"model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.33" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.32" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.25" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.23" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.22" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.21" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.20" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.19" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.18" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.17" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.15" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": 
"6.1.14" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.13" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.12" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.11" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, 
"vendor": "ibm", "version": "8.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.27" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.25" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.23" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.45" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.43" }, { "model": "websphere application 
server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.39" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.37" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.35" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.34" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.33" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.31" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.29" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.27" }, { "model": "websphere appliance management center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "websphere appliance management center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "virtualization engine ts7700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "tivoli workload scheduler for z/os connector fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "tivoli workload scheduler for z/os connector fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler for z/os connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "tivoli workload 
scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.0" }, { "model": "tivoli storage productivity center fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "tivoli provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli netcool/impact", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "tivoli netcool/impact", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "tivoli netcool/impact", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "tivoli netcool/impact", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "tivoli monitoring", 
"scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.33" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.32" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.3" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.29" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.104" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.203" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.1" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.3.1" }, { "model": "tivoli monitoring fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "tivoli monitoring fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.24" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.222" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.147" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7" }, { "model": "tivoli directory server", "scope": "eq", 
"trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.15" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.14" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.13" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.12" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.11" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.10" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": 
"tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "tivoli business service manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "tivoli business service manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "tivoli business service manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1" }, { "model": "tivoli business service manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.13" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.12" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.11" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.5" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, 
"vendor": "ibm", "version": "7.2.1.4" }, { "model": "system storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.41" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.1" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56009.7" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.4" }, { "model": "rational host on-demand", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "rational host on-demand", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0.8" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "rational 
clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.06" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.8" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "rational clearquest", "scope": "eq", 
"trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.27" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.26" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.24" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.21" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.19" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { 
"model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.17" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.16" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.13" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.12" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.11" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.03" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "rational business developer", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.15" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.18" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.17" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.16" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.15" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.14" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.13" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.12" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.11" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.15" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.14" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.13" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.07" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.06" }, { "model": "rational business developer", "scope": "eq", "trust": 
0.3, "vendor": "ibm", "version": "7.05" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.04" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.03" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.010" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.35" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.34" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.33" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.32" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.31" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.22" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.21" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "rational build forge", "scope": "eq", 
"trust": 0.3, "vendor": "ibm", "version": "7.1.14" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.02" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "prerequisite scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.24" }, { "model": "os/400 v6r1m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "os/400 v5r4m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.8" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.7" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.6" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.5" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.4" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": 
"6.2.3" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "lotus symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "lotus symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.3" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.3" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.2" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.5" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.4" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.3" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.2" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "lotus notes", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2.6" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2.5" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2.4" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2.3" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2.2" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2.1" }, { "model": "lotus notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.4" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.3" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2.4" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2.3" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2.2" }, { "model": "lotus domino", 
"scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "java sdk sr4-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr5-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "java sdk sr13-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr16-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "java sdk sr13-fp17", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.2" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.4" }, { "model": "infosphere streams", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "infosphere master information hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "infosphere master information hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "infosphere guardium data redaction", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.2" }, { "model": "infosphere enterprise records", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.1" }, { "model": "infosphere custom domain hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "infosphere custom domain hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "infosphere custom domain hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "informix jdbc 4.10.jc1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ims enterprise suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", 
"version": "2.2" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "i v5r4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "filenet records manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.0" }, { "model": "enterprise records", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "enterprise records", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.2" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.1" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.4.1" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.0" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "cognos business intelligence", "scope": "eq", 
"trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, 
"vendor": "hp", "version": null }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { 
"model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.02", "scope": null, 
"trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": 
null }, { "model": "nonstop server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "8" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "8" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "8" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "8" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "4.0" }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-4" }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-4" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5.0" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "9.0" }, 
{ "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "8.0" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.3" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "voice portal sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { 
"model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "conferencing standard edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "conferencing standard edition sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": 
"conferencing standard edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "cms r16.3", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "cms r16", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "cms r15", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "call management system r17.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura 
system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": 
"aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": 
"aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura 
messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 
0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.1" }, { "model": 
"mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.37" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.36" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.35" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.33" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.32" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.31" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.30" }, { "model": "openoffice sdk", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "3.4.1" }, { "model": "ant", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.9.1" }, { "model": "ant", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.6.2" }, { "model": "ant", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.8.4" }, { "model": "ant", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.8.3" }, { "model": "ant", "scope": "eq", "trust": 0.3, "vendor": "apache", 
"version": "1.5" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "websphere real time sr5", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.4" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.11" }, { "model": "websphere message broker", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "websphere message broker", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "websphere message broker", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.12" }, { "model": "virtualization engine ts7700", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.31.0.89" }, { "model": "tivoli system automation for integrated operations management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.5" }, { "model": "tivoli storage productivity center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.2" }, { "model": "tivoli storage productivity center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.170" }, { "model": "tivoli directory server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.33" }, { "model": "tivoli directory server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.58" }, { "model": "rational synergy", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "rational business developer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.5.11" }, { "model": "java sdk sr5", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "java sdk 
sr14", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr16-fp3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr13-fp18", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "infosphere streams", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "infosphere streams", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.3" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0.39" }, { "model": "ant", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "1.9.2" } ], "sources": [ { "db": "CERT/CC", "id": "VU#225657" }, { "db": "BID", "id": "60634" }, { "db": "JVNDB", "id": "JVNDB-2013-003034" }, { "db": "NVD", "id": "CVE-2013-1571" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:javafx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6", "vulnerable": true 
}, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003034" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "123735" }, { "db": "PACKETSTORM", "id": "126195" }, { "db": "PACKETSTORM", "id": "122109" }, { "db": "PACKETSTORM", "id": "122273" }, { "db": "PACKETSTORM", "id": "122084" }, { "db": "PACKETSTORM", "id": "122404" } ], "trust": 0.6 }, "cve": "CVE-2013-1571", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2013-1571", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, 
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "availabilityRequirement": "NOT DEFINED", "baseScore": 5.0, "collateralDamagePotential": "LOW-MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 4.4, "exploitability": "FUNCTIONAL", "exploitabilityScore": 10.0, "id": "CVE-2013-1571", "impactScore": 2.9, "integrityImpact": "PARTIAL", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "OFFICIAL FIX", "reportConfidence": "CONFIRMED", "severity": "MEDIUM", "targetDistribution": "MEDIUM", "trust": 0.8, "userInteractionRequired": null, "vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-1571", "trust": 1.6, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2013-1571", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2013-1571", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#225657" }, { "db": "VULMON", "id": "CVE-2013-1571" }, { "db": "JVNDB", "id": "JVNDB-2013-003034" }, { "db": "NVD", "id": "CVE-2013-1571" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. HTML files generated by the Javadoc tool included in the Oracle Java Development Toolkit (JDK) contain a vulnerability that can display the contents of any website in a frame within the page. For details, check the information provided by the developer. The contents of any website may be displayed in a frame within the web page and used for phishing scams, etc. Oracle Java SE is prone to a frame-injection vulnerability. \nSuccessful exploits may allow attackers to redirect victims to a malicious website. This may lead to other attacks. \nThis vulnerability affects the following supported versions:\n7 Update 21 , 6 Update 45 , 5.0 Update 45 , JavaFX 2.2.21. \n \n A flaw was found in the way the tomcat6 init script handled the\n tomcat6-initd.log log file. A malicious web application deployed on\n Tomcat could use this flaw to perform a symbolic link attack to change\n the ownership of an arbitrary system file to that of the tomcat user,\n allowing them to escalate their privileges to root (CVE-2013-1976). \n \n It was discovered that Tomcat incorrectly handled certain\n authentication requests. \n \n Note: With this update, tomcat6-initd.log has been moved from\n /var/log/tomcat6/ to the /var/log/ directory. The verification\n of md5 checksums and GPG signatures is performed automatically for you. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTBGbfmqjQ0CJFipgRAqoFAJ9rlsBNuojSUoFTrtzjClT1Baj4GACg3oCE\nt3Cmz3RfMCdPvQPAOR3vuf4=\n=bOtM\n-----END PGP SIGNATURE-----\n\n\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03898880\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03898880\nVersion: 1\n\nHPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE)\nand Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of\nInformation, and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2013-08-19\nLast Updated: 2013-08-16\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java5 Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. These\nvulnerabilities could allow remote unauthorized access, disclosure of\ninformation, and other vulnerabilities. 
\nHP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v5.0.28 and\nearlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-0401 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-1491 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-1500 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6\nCVE-2013-1518 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-1537 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-1557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-1569 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-1571 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2013-2383 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2384 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2394 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2013-2417 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-2419 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-2420 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2424 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2429 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2013-2430 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2013-2432 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2433 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2013-2439 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2013-2444 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-2445 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2013-2446 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2447 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2013-2450 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-2452 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2454 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2013-2455 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2456 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2457 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2013-2459 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2463 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2464 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2470 
(AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2471 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2472 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-3743 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrade to resolve these\nvulnerabilities. \n\nThe upgrade is available from the following location\nhttp://www.hp.com/go/java\nHP-UX Version\n HPJava Version\n\nB.11.11, B.11.23, B.11.31\n JDK / JRE v5.0.29 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v5.0 update to Java v5.0.29 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. 
\n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJdk15.JDK15-COM\nJdk15.JDK15-DEMO\nJdk15.JDK15-IPF32\nJdk15.JDK15-IPF64\nJre15.JRE15-COM\nJre15.JRE15-COM-DOC\nJre15.JRE15-IPF32\nJre15.JRE15-IPF32-HS\nJre15.JRE15-IPF64\nJre15.JRE15-IPF64-HS\naction: install revision 1.5.0.29.00 or subsequent\n\nHP-UX B.11.11\nHP-UX B.11.23\n===========\nJdk15.JDK15-COM\nJdk15.JDK15-DEMO\nJdk15.JDK15-PA20\nJdk15.JDK15-PA20W\nJre15.JRE15-COM\nJre15.JRE15-COM-DOC\nJre15.JRE15-PA20\nJre15.JRE15-PA20-HS\nJre15.JRE15-PA20W\nJre15.JRE15-PA20W-HS\naction: install revision 1.5.0.29.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 19 August 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. 
\n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-06-18-1 Java for OS X 2013-004 and\nMac OS X v10.6 Update 16\n\nJava for OS X 2013-004 and Mac OS X v10.6 Update 16 is now available\nand addresses the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 or later, OS X Lion Server v10.7 or later,\nOS X Mountain Lion 10.8 or later\nImpact: Multiple vulnerabilities in Java 1.6.0_45\nDescription: 8011782 Multiple vulnerabilities existed in Java\n1.6.0_45, the most serious of which may allow an untrusted Java\napplet to execute arbitrary code outside the Java sandbox. These issues were addressed by updating to Java version\n1.6.0_51. 
Further information is available via the Java website at ht\ntp://www.oracle.com/technetwork/java/javase/releasenotes-136954.html\nCVE-ID\nCVE-2013-1500\nCVE-2013-1571\nCVE-2013-2407\nCVE-2013-2412\nCVE-2013-2437\nCVE-2013-2442\nCVE-2013-2443\nCVE-2013-2444\nCVE-2013-2445\nCVE-2013-2446\nCVE-2013-2447\nCVE-2013-2448\nCVE-2013-2450\nCVE-2013-2451\nCVE-2013-2452\nCVE-2013-2453\nCVE-2013-2454\nCVE-2013-2455\nCVE-2013-2456\nCVE-2013-2457\nCVE-2013-2459\nCVE-2013-2461\nCVE-2013-2463\nCVE-2013-2464\nCVE-2013-2465\nCVE-2013-2466\nCVE-2013-2468\nCVE-2013-2469\nCVE-2013-2470\nCVE-2013-2471\nCVE-2013-2472\nCVE-2013-2473\nCVE-2013-3743\nCVE_2013-2445\n\n\nJava for OS X 2013-004 and Mac OS X v10.6 Update 16\nmay be obtained from the Software Update pane in System Preferences,\nMac App Store, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.Update16.dmg\nIts SHA-1 digest is: a6b5a9caa3c0d9acf743da8e4c0e5cfe4e471b01\n\nFor OS X Lion and Mountain Lion systems\nThe download file is named: JavaForOSX2013-004.dmg\nIts SHA-1 digest is: 153c3f74d5285d10008fce2004d904da8d2ffdff\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - 
http://gpgtools.org\n\niQIcBAEBAgAGBQJRwL5AAAoJEPefwLHPlZEwju0QALM1IST/ATt2xR1L0AQcaZRX\neiM07MlvAlE9Jv45xqKLUezRU8XQT6+glN51/hBhpyCa8MJIzPiSnnOIAW+vbA5o\nRjXQTGPGT1IPSfEk7OWS++566riMLmTOvg45Qn0E/ibOqJHpfrR4wzQX5jpv7lzH\nEbdKxn+KWfHCF2y/2LCFifDHUBPCjUlbWTRznDCYVHsFbtDiP/vAZiSXsNJtLTXK\nUOD/eGbel2PEqWOOsUNIrzwvztRB+LsYT4xKQQnsEKJqoyMch/UgB1Uo2jgEPn0U\nYP3WZbjbDV+UcM+yMoCV/qDFhbJ+qBxTbuwYOHuSDpgqJ7vF8s0cdUUb6U7QLW4/\n3ykC7vOUS/JqYkiqwUxuKVpzSUYXrlez36sQuwCR9AOGCJ/0/MwM8QPavFAdGisP\n36ZavJ4k2Dp2CfVmWjexpWY7XN9M36Lh57XChxQk9TcbjUJRrqNadlPyzaja3G9a\n95Dq1N1dYfLuFm4MtyeDA0xQl8m8ljnSxH3TQoDcTwvvWGIGdG7EEVpdQqM/MTWY\nCY2EqMkY3Gouet+QvECYwxOz+g0hcaJd973kSM+5AJ7tVfod93NDW3P13k2cfdTC\nuo9IgGkhuNY40NuLpJLtTwlHcTCwBtKPt0BLwXugZdoDrgz1j8Q+fLuASSTkUQxl\n3t9MUCG40o5ZQFyWqV1+\n=zFXN\n-----END PGP SIGNATURE-----\n. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.7.0-openjdk security update\nAdvisory ID: RHSA-2013:0957-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-0957.html\nIssue date: 2013-06-19\nCVE Names: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 \n CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 \n CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 \n CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 \n CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 \n CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 \n CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 \n CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 \n CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 \n CVE-2013-2472 CVE-2013-2473 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.7.0-openjdk packages that fix various security issues are\nnow available for Red Hat Enterprise Linux 6. 
\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\n\n3. Description:\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit. \n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input. \nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application. \n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound,\nJDBC, Libraries, JMX, and Serviceability components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass Java\nsandbox restrictions. 
(CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,\nCVE-2013-2457, CVE-2013-2453, CVE-2013-2460)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine. \n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service. \n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service. \n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was discovered that GnomeFileTypeDetector did not check for read\npermissions when accessing files. An untrusted Java application or applet\ncould possibly use this flaw to disclose potentially sensitive information. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. 
This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571. \n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. \n\nAfter installing this update, users of icedtea-web must install\nRHBA-2013:0959 for icedtea-web to continue functioning. \n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to\nthe NEWS file, linked to in the References, for further information. \n\n4. Solution:\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. 
Bugs fixed (http://bugzilla.redhat.com/):\n\n973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)\n975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)\n975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)\n975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)\n975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)\n975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)\n975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)\n975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)\n975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)\n975122 - CVE-2013-2460 OpenJDK: tracing insufficient access checks (Serviceability, 8010209)\n975124 - CVE-2013-2445 OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805)\n975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)\n975126 - CVE-2013-2461 OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)\n975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)\n975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)\n975130 - CVE-2013-2458 OpenJDK: Method handles (Libraries, 8009424)\n975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)\n975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)\n975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)\n975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)\n975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)\n975138 - CVE-2013-2452 OpenJDK: Unique VMIDs(Libraries, 8001033)\n975139 - CVE-2013-2455 OpenJDK: getEnclosing* 
checks (Libraries, 8007812)\n975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)\n975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)\n975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)\n975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)\n975145 - CVE-2013-2449 OpenJDK: GnomeFileTypeDetector path access check(Libraries, 8004288)\n975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. 
References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-1500.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-1571.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2407.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2412.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2443.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2444.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2445.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2446.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2447.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2448.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2449.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2450.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2452.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2453.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2454.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2455.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2456.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2457.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2458.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2459.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2460.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2461.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2463.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2465.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2469.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2470.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2471.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2472.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2473.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS\nhttps://rhn.redhat.com/errata/RHBA-2013-0959.html\n\n8. 
Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFRwkhZXlSAg2UNWIIRAq8SAJ9tsW9PY39Aa6lmSLhOhlUi8hrnugCePCKO\nNAdLLpJKlVulPXKONu/CudU=\n=+H1U\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2013-1571" }, { "db": "CERT/CC", "id": "VU#225657" }, { "db": "JVNDB", "id": "JVNDB-2013-003034" }, { "db": "BID", "id": "60634" }, { "db": "VULMON", "id": "CVE-2013-1571" }, { "db": "PACKETSTORM", "id": "125296" }, { "db": "PACKETSTORM", "id": "123735" }, { "db": "PACKETSTORM", "id": "122879" }, { "db": "PACKETSTORM", "id": "122075" }, { "db": "PACKETSTORM", "id": "126195" }, { "db": "PACKETSTORM", "id": "122109" }, { "db": "PACKETSTORM", "id": "122273" }, { "db": "PACKETSTORM", "id": "122084" }, { "db": "PACKETSTORM", "id": "122404" } ], "trust": 3.51 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.kb.cert.org/vuls/id/225657", "trust": 0.8, "type": "unknown" } ], "sources": [ { "db": "CERT/CC", "id": "VU#225657" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-1571", "trust": 3.1 }, { "db": "CERT/CC", "id": "VU#225657", "trust": 3.0 }, { "db": "USCERT", "id": "TA13-169A", "trust": 1.9 }, { "db": "BID", "id": "60634", "trust": 1.4 }, { "db": "SECUNIA", "id": "54154", "trust": 
1.1 }, { "db": "JVN", "id": "JVNVU94189582", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-003034", "trust": 0.8 }, { "db": "HITACHI", "id": "HS13-015", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2013-1571", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125296", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "122879", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "122075", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126195", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "122109", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "122273", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "122084", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "122404", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#225657" }, { "db": "VULMON", "id": "CVE-2013-1571" }, { "db": "BID", "id": "60634" }, { "db": "JVNDB", "id": "JVNDB-2013-003034" }, { "db": "PACKETSTORM", "id": "125296" }, { "db": "PACKETSTORM", "id": "123735" }, { "db": "PACKETSTORM", "id": "122879" }, { "db": "PACKETSTORM", "id": "122075" }, { "db": "PACKETSTORM", "id": "126195" }, { "db": "PACKETSTORM", "id": "122109" }, { "db": "PACKETSTORM", "id": "122273" }, { "db": "PACKETSTORM", "id": "122084" }, { "db": "PACKETSTORM", "id": "122404" }, { "db": "NVD", "id": "CVE-2013-1571" } ] }, "id": "VAR-201306-0139", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-27T21:21:01.124000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2013-06-18-1", "trust": 0.8, 
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00002.html" }, { "title": "HT5797", "trust": 0.8, "url": "https://support.apple.com/kb/HT5797" }, { "title": "HT5797", "trust": 0.8, "url": "http://support.apple.com/kb/HT5797?viewlocale=ja_JP" }, { "title": "HS13-015", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-015/index.html" }, { "title": "HPSBUX02908", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03874547" }, { "title": "HPSBUX02907", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03868911" }, { "title": "HPSBUX02922 SSRT101305", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" }, { "title": "1644197", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" }, { "title": "1642336", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" }, { "title": "SUSE-SU-2013:1255", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" }, { "title": "SUSE-SU-2013:1257", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" }, { "title": "SUSE-SU-2013:1293", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" }, { "title": "SUSE-SU-2013:1305", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" }, { "title": "jdk7u/jdk7u-dev/langtools / changeset", "trust": 0.8, "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/langtools/rev/17ee569d0c01" }, { "title": "Oracle Java SE Critical Patch Update Advisory - June 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" }, { "title": "Text Form of Oracle Java SE Critical Patch Update - June 2013 Risk Matrices", "trust": 0.8, "url": 
"http://www.oracle.com/technetwork/topics/security/javacpujun2013verbose-1899853.html" }, { "title": "Java API Documentation Updater Tool", "trust": 0.8, "url": "http://www.oracle.com/technetwork/java/javase/downloads/java-doc-updater-tool-1955731.html" }, { "title": "Bug 973474", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973474" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "RHSA-2013:1456", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" }, { "title": "RHSA-2013:1060", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" }, { "title": "RHSA-2013:0963", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" }, { "title": "RHSA-2013:1081", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" }, { "title": "RHSA-2013:1059", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" }, { "title": "Multiple vulnerabilities in Apache Tomcat", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_tomcat4" }, { "title": "June 2013 Critical Patch Update for Java SE Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/june_2013_critical_patch_update" }, { "title": "HS13-015", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-015/index.html" }, { "title": "TA13-169A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta13-169a.html" }, { "title": "Oracle Corporation Java\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b", "trust": 0.8, "url": "http://azby.fmworld.net/support/security/information/oj20130620.html" }, { "title": "Interstage Application Server(CVE-2013-1571)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201301.html" }, { "title": "Ubuntu 
Security Notice: openjdk-7 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1907-1" }, { "title": "Ubuntu Security Notice: icedtea-web update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1907-2" }, { "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1908-1" }, { "title": "Debian Security Advisories: DSA-2727-1 openjdk-6 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e7d6ea8eb77ee8911e5bbc08ff43f55c" }, { "title": "Debian Security Advisories: DSA-2722-1 openjdk-7 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=29128f887c1069c9cc8e265bacca4512" }, { "title": "Amazon Linux AMI: ALAS-2013-207", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-207" }, { "title": "Amazon Linux AMI: ALAS-2013-204", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-204" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131456 - Security Advisory" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" }, { "title": "JavadocUpdaterTool", "trust": 0.1, "url": "https://github.com/AdoptOpenJDK/JavadocUpdaterTool " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/oracle-java-patch-update-pushes-2013-totals-past-last-year/101014/" } ], "sources": [ { "db": "VULMON", "id": 
"CVE-2013-1571" }, { "db": "JVNDB", "id": "JVNDB-2013-003034" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2013-1571" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" }, { "trust": 2.3, "url": "http://www.kb.cert.org/vuls/id/225657" }, { "trust": 1.9, "url": "http://www.us-cert.gov/ncas/alerts/ta13-169a" }, { "trust": 1.9, "url": "http://advisories.mageia.org/mgasa-2013-0185.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-0963.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-1456.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-1059.html" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973474" }, { "trust": 1.1, "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/langtools/rev/17ee569d0c01" }, { "trust": 1.1, "url": "http://secunia.com/advisories/54154" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1081.html" }, { "trust": 1.1, 
"url": "http://rhn.redhat.com/errata/rhsa-2013-1060.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" }, { "trust": 1.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03898880" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=137545592101387\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=137545505800971\u0026w=2" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:183" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/60634" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19718" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19667" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19518" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17215" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2014:0414" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3ccommits.openoffice.apache.org%3e" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1571" }, { "trust": 0.8, "url": "http://tools.ietf.org/html/rfc3986#section-4.2" }, { "trust": 0.8, "url": "http://www.oracle.com/technetwork/java/javase/jdk-7-readme-429198.html" }, { "trust": 0.8, "url": "http://www.oracle.com/technetwork/java/javase/documentation/index-jsp-135444.html" }, { "trust": 0.8, "url": "http://www.oracle.com/technetwork/java/javase/downloads/java-doc-updater-tool-1955731.html" }, { "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641464" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2013-1571" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20130619-jre.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2013/at130030.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu94189582/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta13-169a/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1571" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1571" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2447" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1500" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2452" }, { "trust": 0.7, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2013-2448" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2446" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2444" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2450" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653308" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653309" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.6, "url": 
"https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.6, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2445" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2454" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2453" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2456" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2455" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2457" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2407" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2443" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2459" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2463" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2412" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2461" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2465" }, { "trust": 0.4, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 0.4, "url": 
"https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2437" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2451" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2442" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2013-2445.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2469" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2013-2461.html" }, { "trust": 0.4, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.3, "url": "http://tomcat.apache.org/tomcat-6.0-doc/changelog.html" }, { "trust": 0.3, "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=55132" }, { "trust": 0.3, "url": "http://www.apache.org/dist/ant/release-notes-1.9.2.html" }, { "trust": 0.3, "url": "http://www.openoffice.org/security/cves/cve-2013-1571.html" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21650778" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas36583326fc6c02fdf86257bc60079968c" }, { "trust": 0.3, "url": "http://tomcat.apache.org/#fixed_in_apache_tomcat_6.0.39" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27039500" }, { "trust": 0.3, "url": 
"http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04126444" }, { "trust": 0.3, "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.jtfhr2..t.cyta.7%2a%2ak.bw89mq%5f%5fdehufqb0" }, { "trust": 0.3, "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.jtfhr2..t.cytc.7%2a%2ak.bw89mq%5f%5fdeoifqd0" }, { "trust": 0.3, "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.jz8iz8..t.d3wy.82bm.bw89mq%5f%5fcviafmb0" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-015/index.html" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21641206" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21642006" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641358" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642024" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001621" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640206" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21641335" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21648302" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641323" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641452" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21647015" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?rs=630\u0026uid=swg21641202" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641311" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641065" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100173341" }, { 
"trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21642589" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650811" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1019760" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100175056" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641215" }, { "trust": 0.3, "url": "www-01.ibm.com/support/docview.wss?uid=swg21642114" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642100" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642222" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644918" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647384" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21649701" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21643697" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650599" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004514" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21647024" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642032" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21647020" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21647009" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642016" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653854" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21641223" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655854" }, 
{ "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645500" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648074" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21650653" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641184" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21649711" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647620" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642027" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas384b70812e39ffb2d86257bbf00581b8d" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas301d21b03888172bd86257bbf00581b95" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas3d553b85edf79912386257bbf00581ba9" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas3a3a4ad6297e8c3df86257bbf00581bb1" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652561" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641306" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24035907" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24035908" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641067" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24036927" }, { "trust": 0.3, "url": "http://www.ubuntu.com/usn/usn-1908-1/" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21648194" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21641387" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641364" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648416" }, { "trust": 0.3, 
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648418" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21648416" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21648418" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2464" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2468" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2466" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2470" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2471" }, { "trust": 0.2, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2458" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2013-2460.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2449" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2013-2449.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2460" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2013-2458.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2472" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0@%3ccommits.openoffice.apache.org%3e" }, { "trust": 0.1, "url": "https://github.com/adoptopenjdk/javadocupdatertool" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3544" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0082.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1976" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2067" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2067" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1976" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3342" }, { 
"trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4823" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3143" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1541" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, 
"url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1533" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0547" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5068" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2012-1725" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1532" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3213" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5069" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0551" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4820" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1717" }, { 
"trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1722" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1716" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1718" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1531" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5071" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2012-1713" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5072" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1682" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1721" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3159" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5073" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0401" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2013-2420" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1491" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2439" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2394" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2383" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2384" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2433" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2429" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1537" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2417" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2432" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://www.oracle.com/technetwork/java/javase/releasenotes-136954.html" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0451.html" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "trust": 0.1, "url": 
"https://www.redhat.com/security/data/cve/cve-2014-0449.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5896.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5817.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5797.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0428.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0414.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5910.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5782.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5803.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5832.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5778.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5899.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5783.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5801.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5780.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2409.html" }, { 
"trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-6629.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0416.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0453.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-6954.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5818.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5824.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5789.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0403.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5850.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5812.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5842.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5902.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5849.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0368.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5889.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0415.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2403.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0375.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5831.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5878.html" }, { "trust": 0.1, "url": 
"https://www.redhat.com/security/data/cve/cve-2013-5776.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0376.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5848.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0410.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5852.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5840.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3829.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5907.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5772.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0373.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0458.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0411.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0460.html" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5905.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5819.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2398.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5820.html" }, { "trust": 0.1, "url": 
"https://www.redhat.com/security/data/cve/cve-2013-5809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5898.html" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2421.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5884.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5825.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5774.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0461.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5830.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2414.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5784.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5887.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-4002.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5906.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0387.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-1876.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5790.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5787.html" }, { "trust": 0.1, "url": 
"https://www.redhat.com/security/data/cve/cve-2013-5804.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5843.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5888.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5829.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3744.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2400" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2400.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2462.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2462" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2013-1014.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2473" }, { "trust": 0.1, "url": "http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/news" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhba-2013-0959.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2013-0957.html" } ], "sources": [ { "db": "CERT/CC", "id": "VU#225657" }, { "db": "VULMON", "id": "CVE-2013-1571" }, { "db": "BID", "id": "60634" }, { "db": "JVNDB", "id": "JVNDB-2013-003034" }, { "db": "PACKETSTORM", "id": "125296" }, { "db": "PACKETSTORM", "id": "123735" }, { "db": "PACKETSTORM", "id": "122879" }, { "db": "PACKETSTORM", "id": "122075" }, { "db": "PACKETSTORM", "id": "126195" }, { "db": "PACKETSTORM", "id": "122109" }, { "db": "PACKETSTORM", "id": "122273" }, { "db": "PACKETSTORM", "id": "122084" }, { "db": "PACKETSTORM", "id": "122404" }, { "db": "NVD", "id": "CVE-2013-1571" } ] }, "sources": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#225657" }, { "db": "VULMON", "id": "CVE-2013-1571" }, { "db": "BID", "id": "60634" }, { "db": "JVNDB", "id": "JVNDB-2013-003034" }, { "db": "PACKETSTORM", "id": "125296" }, { "db": "PACKETSTORM", "id": "123735" }, { "db": "PACKETSTORM", "id": "122879" }, { "db": "PACKETSTORM", "id": "122075" }, { "db": "PACKETSTORM", "id": "126195" }, { "db": "PACKETSTORM", "id": "122109" }, { "db": "PACKETSTORM", "id": "122273" }, { "db": "PACKETSTORM", "id": "122084" }, { "db": "PACKETSTORM", "id": "122404" }, { "db": "NVD", "id": "CVE-2013-1571" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-06-18T00:00:00", "db": "CERT/CC", "id": "VU#225657" }, { "date": "2013-06-18T00:00:00", "db": "VULMON", "id": "CVE-2013-1571" }, { "date": "2013-06-18T00:00:00", "db": "BID", "id": "60634" }, { "date": "2013-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003034" }, { "date": "2014-02-20T00:11:57", "db": "PACKETSTORM", "id": "125296" }, { "date": "2013-10-23T22:58:21", "db": "PACKETSTORM", "id": "123735" }, { "date": "2013-08-20T17:55:00", "db": "PACKETSTORM", "id": "122879" }, { "date": "2013-06-18T18:33:33", "db": "PACKETSTORM", "id": "122075" }, { "date": "2014-04-17T22:01:36", "db": "PACKETSTORM", "id": "126195" }, { "date": "2013-06-21T01:38:12", "db": "PACKETSTORM", "id": "122109" }, { "date": "2013-07-03T19:05:30", "db": "PACKETSTORM", "id": "122273" }, { "date": "2013-06-20T00:47:46", "db": "PACKETSTORM", "id": "122084" }, { "date": "2013-07-15T14:54:00", "db": "PACKETSTORM", "id": "122404" }, { "date": "2013-06-18T22:55:01.357000", "db": "NVD", "id": "CVE-2013-1571" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": 
"2013-06-26T00:00:00", "db": "CERT/CC", "id": "VU#225657" }, { "date": "2019-04-15T00:00:00", "db": "VULMON", "id": "CVE-2013-1571" }, { "date": "2017-08-11T20:11:00", "db": "BID", "id": "60634" }, { "date": "2015-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003034" }, { "date": "2023-11-07T02:14:45.983000", "db": "NVD", "id": "CVE-2013-1571" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "60634" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Javadoc HTML frame injection vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#225657" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "60634" } ], "trust": 0.3 } }
var-201110-0291
Vulnerability from variot
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. Apache HTTP Server is prone to an information disclosure vulnerability. An attacker can exploit this vulnerability to gain access to sensitive information.
The three CVE ids denote slightly different variants of the same issue.
Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. The remaining statements appear to describe separate issues whose introductory text is missing from this excerpt: one is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities; another could allow a remote attacker using cross site scripting to steal authentication cookies.
For the oldstable distribution (lenny), these problems have been fixed in version apache2 2.2.9-10+lenny12.
For the stable distribution (squeeze), these problems have been fixed in version apache2 2.2.16-6+squeeze6.
For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-1.
For the unstable distribution (sid), these problems have been fixed in version 2.2.22-1.
We recommend that you upgrade your apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny7. In the stable distribution, apache2-mpm-itk has the same version number as apache2. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTP Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1"
References
[ 1 ] CVE-2010-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408
[ 2 ] CVE-2010-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434
[ 3 ] CVE-2010-1452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452
[ 4 ] CVE-2010-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791
[ 5 ] CVE-2011-3192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192
[ 6 ] CVE-2011-3348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348
[ 7 ] CVE-2011-3368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368
[ 8 ] CVE-2011-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607
[ 9 ] CVE-2011-4317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317
[ 10 ] CVE-2012-0021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021
[ 11 ] CVE-2012-0031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031
[ 12 ] CVE-2012-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053
[ 13 ] CVE-2012-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-25.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5

==========================================================================
Ubuntu Security Notice USN-1259-1
November 11, 2011
apache2, apache2-mpm-itk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Multiple vulnerabilities and a regression were fixed in the Apache HTTP server. (CVE-2011-3368)
Stefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. (CVE-2011-3348)
Samuel Montosa discovered that the ITK Multi-Processing Module for Apache did not properly handle certain configuration sections that specify NiceValue but not AssignUserID, preventing Apache from dropping privileges correctly. This issue only affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1176)
USN 1199-1 fixed a vulnerability in the byterange filter of Apache. The upstream patch introduced a regression in Apache when handling specific byte range requests.
Original advisory details:
A flaw was discovered in the byterange filter in Apache.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: apache2.2-bin 2.2.20-1ubuntu1.1
Ubuntu 11.04: apache2-mpm-itk 2.2.17-1ubuntu1.4 apache2.2-bin 2.2.17-1ubuntu1.4
Ubuntu 10.10: apache2-mpm-itk 2.2.16-1ubuntu3.4 apache2.2-bin 2.2.16-1ubuntu3.4
Ubuntu 10.04 LTS: apache2-mpm-itk 2.2.14-5ubuntu8.7 apache2.2-bin 2.2.14-5ubuntu8.7
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.22
In general, a standard system update will make all the necessary changes. This version of Apache is principally a security and bug fix release, including the following significant security fixes:
- SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.
- SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file.
- SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations.
- SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service.
- SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process to cause the parent to crash at shutdown rather than terminate cleanly.
- SECURITY: CVE-2012-0053 (cve.mitre.org) Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.
The Apache HTTP Project thanks halfdog, Context Information Security Ltd, Prutha Parikh of Qualys, and Norman Hippert for bringing these issues to the attention of the security team.
We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.
Apache HTTP Server 2.2.22 is available for download from:
http://httpd.apache.org/download.cgi
Please see the CHANGES_2.2 file, linked from the download page, for a full list of changes. A condensed list, CHANGES_2.2.22 includes only those changes introduced since the prior 2.2 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available:
http://httpd.apache.org/security/vulnerabilities_22.html
This release includes the Apache Portable Runtime (APR) version 1.4.5 and APR Utility Library (APR-util) version 1.4.2, bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libapriconv version 1.2.1) must all be updated to ensure binary compatibility and address many known security and platform bugs. APR-util version 1.4 represents a minor version upgrade from earlier httpd source distributions, which previously included version 1.3.
Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced since 2.0 please see:
http://httpd.apache.org/docs/2.2/new_features_2_2.html
This release builds on and extends the Apache 2.0 API. Modules written for Apache 2.0 will need to be recompiled in order to run with Apache 2.2, and require minimal or no source code changes.
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING
When upgrading or installing this version of Apache, please bear in mind that if you intend to use Apache with one of the threaded MPMs (other than the Prefork MPM), you must ensure that any modules you will be using (and the libraries they depend on) are thread-safe.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd security and bug fix update
Advisory ID: RHSA-2011:1392-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1392.html
Issue date: 2011-10-20
CVE Names: CVE-2011-3368
=====================================================================
- Summary:
Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
- In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368)
Red Hat would like to thank Context Information Security for reporting this issue.
This update also fixes the following bug:
- The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736593, BZ#736594)
All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
736593 - httpd: RHSA-2011:1245 regressions [rhel-5]
736594 - httpd: RHSA-2011:1245 regressions [rhel-4]
740045 - CVE-2011-3368 httpd: reverse web proxy vulnerability
- Package List:
Red Hat Enterprise Linux AS version 4:
Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm
i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm
ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm
ppc: httpd-2.0.52-49.ent.ppc.rpm httpd-debuginfo-2.0.52-49.ent.ppc.rpm httpd-devel-2.0.52-49.ent.ppc.rpm httpd-manual-2.0.52-49.ent.ppc.rpm httpd-suexec-2.0.52-49.ent.ppc.rpm mod_ssl-2.0.52-49.ent.ppc.rpm
s390: httpd-2.0.52-49.ent.s390.rpm httpd-debuginfo-2.0.52-49.ent.s390.rpm httpd-devel-2.0.52-49.ent.s390.rpm httpd-manual-2.0.52-49.ent.s390.rpm httpd-suexec-2.0.52-49.ent.s390.rpm mod_ssl-2.0.52-49.ent.s390.rpm
s390x: httpd-2.0.52-49.ent.s390x.rpm httpd-debuginfo-2.0.52-49.ent.s390x.rpm httpd-devel-2.0.52-49.ent.s390x.rpm httpd-manual-2.0.52-49.ent.s390x.rpm httpd-suexec-2.0.52-49.ent.s390x.rpm mod_ssl-2.0.52-49.ent.s390x.rpm
x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm
i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm
x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm
i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm
ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm
x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm
i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm
ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm
x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm
i386: httpd-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm mod_ssl-2.2.3-53.el5_7.3.i386.rpm
x86_64: httpd-2.2.3-53.el5_7.3.x86_64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm mod_ssl-2.2.3-53.el5_7.3.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm
i386: httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-manual-2.2.3-53.el5_7.3.i386.rpm
x86_64: httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.x86_64.rpm httpd-manual-2.2.3-53.el5_7.3.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm
i386: httpd-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-manual-2.2.3-53.el5_7.3.i386.rpm mod_ssl-2.2.3-53.el5_7.3.i386.rpm
ia64: httpd-2.2.3-53.el5_7.3.ia64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ia64.rpm httpd-devel-2.2.3-53.el5_7.3.ia64.rpm httpd-manual-2.2.3-53.el5_7.3.ia64.rpm mod_ssl-2.2.3-53.el5_7.3.ia64.rpm
ppc: httpd-2.2.3-53.el5_7.3.ppc.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ppc.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ppc64.rpm httpd-devel-2.2.3-53.el5_7.3.ppc.rpm httpd-devel-2.2.3-53.el5_7.3.ppc64.rpm httpd-manual-2.2.3-53.el5_7.3.ppc.rpm mod_ssl-2.2.3-53.el5_7.3.ppc.rpm
s390x: httpd-2.2.3-53.el5_7.3.s390x.rpm httpd-debuginfo-2.2.3-53.el5_7.3.s390.rpm httpd-debuginfo-2.2.3-53.el5_7.3.s390x.rpm httpd-devel-2.2.3-53.el5_7.3.s390.rpm httpd-devel-2.2.3-53.el5_7.3.s390x.rpm httpd-manual-2.2.3-53.el5_7.3.s390x.rpm mod_ssl-2.2.3-53.el5_7.3.s390x.rpm
x86_64: httpd-2.2.3-53.el5_7.3.x86_64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.x86_64.rpm httpd-manual-2.2.3-53.el5_7.3.x86_64.rpm mod_ssl-2.2.3-53.el5_7.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3368.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-1245.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOoFxkXlSAg2UNWIIRAl1kAJ94ZNoM1fzZzwHexpMMIAyHsGsB8wCgvD5v qZVZrYEbxzHisIh4Yznj+ro= =yulh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following:
Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.22 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053
BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A remote attacker may be able to cause a denial of service in systems configured to run BIND as a DNS nameserver Description: A reachable assertion issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4313
BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: A remote attacker may be able to cause a denial of service, data corruption, or obtain sensitive information from process memory in systems configured to run BIND as a DNS nameserver Description: A memory management issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. CVE-ID CVE-2012-1667
CoreText Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A bounds checking issue existed in the handling of text glyphs, which may lead to out of bounds memory reads or writes. This issue was addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation
Data Security Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update adds the involved sub-CA certificate to OS X's list of untrusted certificates.
DirectoryService Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: If the DirectoryService Proxy is used, a remote attacker may cause a denial of service or arbitrary code execution Description: A buffer overflow existed in the DirectoryService Proxy. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion and Mountain Lion systems. CVE-ID CVE-2012-0650 : aazubel working with HP's Zero Day Initiative
ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. These issues do not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048
ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative
Installer Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Remote admins and persons with physical access to the system may obtain account information Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented user passwords from being recorded in the system log, but did not remove the old log entries. This issue was addressed by deleting log files that contained passwords. This issue does not affect Mac OS X 10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-0652
International Components for Unicode Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4599
Kernel Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. This issue was addressed by disabling handling of addresses in PT_STEP and PT_CONTINUE. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0643 : iOS Jailbreak Dream Team
LoginWindow Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A local user may be able to obtain other user's login passwords Description: A user-installed input method could intercept password keystrokes from Login Window or Screen Saver Unlock. This issue was addressed by preventing user-installed methods from being used when the system is handling login information. CVE-ID CVE-2012-3718 : An anonymous researcher
Mail Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing an e-mail message may lead to execution of web plugins Description: An input validation issue existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third-party plug-ins in Mail. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3719 : Will Dormann of the CERT/CC
Mobile Accounts Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A user with access to the contents of a mobile account may obtain the account password Description: Creating a mobile account saved a hash of the password in the account, which was used to login when the mobile account was used as an external account. The password hash could be used to determine the user's password. This issue was addressed by creating the password hash only if external accounts are enabled on the system where the mobile account is created. CVE-ID CVE-2012-3720 : Harald Wagener of Google, Inc.
PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: Multiple vulnerabilities in PHP Description: PHP is updated to version 5.3.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2386 CVE-2012-2688
PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: PHP scripts which use libpng may be vulnerable to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PNG files. This issue was addressed by updating PHP's copy of libpng to version 1.5.10. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3048
Profile Manager Available for: OS X Lion Server v10.7 to v10.7.4 Impact: An unauthenticated user could enumerate managed devices Description: An authentication issue existed in the Device Management private interface. This issue was addressed by removing the interface. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3721 : Derick Cassidy of XEquals Corporation
QuickLook Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. This issue was addressed through improved validation of .pict files. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL)
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative
Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The Ruby OpenSSL module disabled the 'empty fragment' countermeasure which prevented these attacks. This issue was addressed by enabling empty fragments. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3389
USB Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Attaching a USB device may lead to an unexpected system termination or arbitrary code execution Description: A memory corruption issue existed in the handling of USB hub descriptors. This issue was addressed through improved handling of the bNbrPorts descriptor field. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3723 : Andy Davis of NGS Secure
Note: OS X Mountain Lion v10.8.2 includes the content of Safari 6.0.1. For further details see "About the security content of Safari 6.0.1" at http://support.apple.com/kb/HT5502
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update 2012-004.
For OS X Mountain Lion v10.8.1 The download file is named: OSXUpd10.8.2.dmg Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33
For OS X Mountain Lion v10.8 The download file is named: OSXUpdCombo10.8.2.dmg Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c
For OS X Lion v10.7.4 The download file is named: MacOSXUpd10.7.5.dmg Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532
For OS X Lion v10.7 and v10.7.3 The download file is named: MacOSXUpdCombo10.7.5.dmg Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b
For OS X Lion Server v10.7.4 The download file is named: MacOSXServerUpd10.7.5.dmg Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a
For OS X Lion Server v10.7 and v10.7.3 The download file is named: MacOSXServerUpdCombo10.7.5.dmg Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e
For Mac OS X v10.6.8 The download file is named: SecUpd2012-004.dmg Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-004.dmg Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e Qm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW pc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE DQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO QyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n 7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm 7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO BOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5 w4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3 +9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK q5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2 xyBfrQfG/dsif6jGHaot =8joH -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0291", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.0.46" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.0.48" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", 
"version": "2.0.40" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.0.47" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.0.45" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.0.41" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.0.39" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.0.42" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.0.44" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.0.43" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.9" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.12" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.35" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.61" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.8" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.13" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.18" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.9" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.51" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.11" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.27" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.1.1" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.12" }, { "model": "http 
server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.64" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.19" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.68" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.37" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.49" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.53" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.4" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.10" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.20" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.57" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.37" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.1" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.15" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.50" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.20" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.34" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.56" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.33" }, { "model": "http server", "scope": "eq", "trust": 1.0, 
"vendor": "apache", "version": "2.0.52" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.3" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.21" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.36" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.3" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.29" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.60" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.30" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.36" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.6" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.35" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.55" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.38" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.58" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.2" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.38" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.19" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.39" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.63" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.16" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.6" }, { 
"model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.9" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.5" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.2" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.14" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.11" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.17" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.14" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.13" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.42" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.4" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.25" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.41" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.16" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.15" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.10" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.32" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.28" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.0" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.65" }, { "model": "http server", "scope": "eq", "trust": 
1.0, "vendor": "apache", "version": "1.3.31" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.24" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.32" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.34" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.8" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.26" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.1" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.54" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.23" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.28" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.59" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.18" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.22" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.7" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "1.3.x to 1.3.42" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.0.x to 2.0.64" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.2.x to 2.2.21" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, 
"vendor": "apple", "version": "v10.7 to v10.7.4" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.3.5" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.1.5" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.2.0" }, { "model": "sparc enterprise m3000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m4000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m5000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m8000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m9000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "1118" }, { "model": "hp secure web server for openvms", "scope": "lte", "trust": 0.8, "vendor": "hewlett packard", "version": "v2.2" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": 
"fujitsu", "version": null }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.2" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.58" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.54" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.42" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "hat jboss enterprise web server for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "61.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.41" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.57" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.6" }, { "model": "interstage application server enterprise edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": 
"ibm", "version": "7.0.11" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "software foundation apache -dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.7" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.49" }, { "model": "interstage application server web-j edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "software foundation apache 2.0.61-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "interstage application server plus l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "hat enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "interstage application server enterprise edition l20a", 
"scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.10" }, { "model": "software foundation apache -beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.34" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.37" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "software foundation apache -dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.56" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "interstage application server enterprise edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": 
"3.0.2.77" }, { "model": "interstage application server plus l10c", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "os/400 v5r4m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "software foundation apache -beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "interstage application server plus developer l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "interstage application server standard edition l20a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "software foundation apache 2.2.6-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "software foundation apache", "scope": "eq", 
"trust": 0.3, "vendor": "apache", "version": "2.0.55" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.14" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.17" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.38" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.21" }, { "model": "software foundation apache 2.2.15-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "interstage application server enterprise edition 9.1.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.20" }, { "model": "software foundation apache", "scope": "eq", "trust": 
0.3, "vendor": "apache", "version": "1.3.35" }, { "model": "http server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.21" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "interstage application server web-j edition l20a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.26" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.11" }, { "model": "hat enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server plus l11", "scope": "eq", 
"trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "software foundation apache beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "software foundation apache a9", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "os/400 v6r1m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.6" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.8" }, { "model": "software foundation apache 2.2.5-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": 
"1.3.41" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.17" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "software foundation apache -dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.35" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "interstage application server standard-j edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "software foundation apache mac", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.14" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, 
"vendor": "fujitsu", "version": "8.0.3" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "interstage application server standard edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.5" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.34" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "interstage application server web-j edition l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.51" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "interstage application server standard edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard-j edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { 
"model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "hat jboss enterprise web server for rhel server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "51.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.30" }, { "model": "interstage application server plus l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.35" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "software foundation apache 2.3.38-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "interstage application server enterprise edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "interstage 
application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.39" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "interstage application server enterprise edition l10c", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "interstage application server web-j edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "message networking sp1", "scope": "eq", "trust": 
0.3, "vendor": "avaya", "version": "5.2" }, { "model": "interstage application server enterprise edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.65" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.12" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.43" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server standard edition l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage apworks modelers-j edition l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.15" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "interstage application server standard edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "system management homepage", "scope": "eq", 
"trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "interstage application server enterprise edition l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.14" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.39" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server plus developer l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": 
"avaya", "version": "3.1.5" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.18" }, { "model": "software foundation apache 2.0.62-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.8" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.15" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": 
"9.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "interstage application server plus developer l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.9" }, { "model": "interstage application server enterprise edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "software foundation apache 2.0.60-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.19" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "interstage application server enterprise edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": 
"mandriva", "version": "2009.0" }, { "model": "hat enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.60" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.7" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.22" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.9" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "interstage application server standard edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1" }, { "model": "interstage application server enterprise edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.37" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.56" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, 
"vendor": "mandriva", "version": "2011" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.33" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "interstage application server enterprise edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.36" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "interstage application server plus l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.16" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.3" }, { "model": "software foundation apache 2.2.7-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.2" }, { "model": "application server 10g r3", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.44" }, { "model": "system management homepage", "scope": 
"eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.4" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.19" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "hat enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.23" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.9" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, 
"vendor": "apache", "version": "2.2.13" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.27" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "interstage application server web-j edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "software foundation apache -beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.32" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.38" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" 
}, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.63" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.36" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.29" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "interstage apworks modelers-j edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.31" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.13" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.42" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", 
"version": "13.37" }, { "model": "interstage application server web-j edition l20", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.3" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.16" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.32" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.12" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "interstage application server standard-j edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0.1" }, { "model": "software foundation apache", "scope": "eq", 
"trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.10" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.7" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.20" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.2" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.25" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "os/400 v5r5m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": 
"apache", "version": "1.3.28" }, { "model": "interstage apworks modelers-j edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.32" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "interstage studio enterprise edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.68" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "software foundation apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.2.22" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.1" }, { "model": "interstage application 
server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "interstage application server enterprise edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.24" }, { "model": "interstage application server enterprise edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.40" }, { "model": "interstage application server plus l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "software foundation apache 1.3.40-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.61" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "interstage studio standard-j edition b", "scope": "eq", "trust": 0.3, 
"vendor": "fujitsu", "version": "9.1.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.1.1" }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.18" }, { "model": "software foundation apache 2.0.64-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "software foundation apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" } ], "sources": [ { "db": "BID", "id": "49957" }, { "db": "JVNDB", "id": "JVNDB-2011-002351" }, { "db": "CNNVD", "id": "CNNVD-201110-052" }, { "db": "NVD", "id": "CVE-2011-3368" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m3000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m4000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m5000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m8000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m9000_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:xcp", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:secure_web_server_for_open_vms", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002351" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Reported by the vendor", "sources": [ { "db": "BID", "id": "49957" } ], "trust": 0.3 }, "cve": "CVE-2011-3368", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2011-3368", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3368", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2011-3368", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201110-052", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-3368", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3368" }, { "db": "JVNDB", "id": "JVNDB-2011-002351" }, { "db": "CNNVD", "id": "CNNVD-201110-052" }, { "db": "NVD", "id": "CVE-2011-3368" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. Apache HTTP Server is prone to an information disclosure vulnerability. \nAn attacker can exploit this vulnerability to gain access to sensitive information. \n\n The three CVE ids denote slightly different variants of the same\n issue. \n\n Note that, even with this issue fixed, it is the responsibility of\n the administrator to ensure that the regular expression replacement\n pattern for the target URI does not allow a client to append arbitrary\n strings to the host or port parts of the target URI. This is a violation of the privilege separation\n between the apache2 processes and could potentially be used to worsen\n the impact of other vulnerabilities. This could allow a remote attacker using\n cross site scripting to steal authentication cookies. 
\n\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion apache2 2.2.9-10+lenny12. \n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion apache2 2.2.16-6+squeeze6\n\nFor the testing distribution (wheezy), these problems will be fixed in\nversion 2.2.22-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.22-1. \n\nWe recommend that you upgrade your apache2 packages. The new version\nnumber for the oldstable distribution is 2.2.6-02-1+lenny7. In the\nstable distribution, apache2-mpm-itk has the same version number as\napache2. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker might obtain sensitive information, gain privileges,\nsend requests to unintended servers behind proxies, bypass certain\nsecurity restrictions, obtain the values of HTTPOnly cookies, or cause\na Denial of Service in various ways. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Apache HTTP Server users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.22-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-0408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408\n[ 2 ] CVE-2010-0434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434\n[ 3 ] CVE-2010-1452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452\n[ 4 ] CVE-2010-2791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791\n[ 5 ] CVE-2011-3192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192\n[ 6 ] CVE-2011-3348\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348\n[ 7 ] CVE-2011-3368\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368\n[ 8 ] CVE-2011-3607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607\n[ 9 ] CVE-2011-4317\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317\n[ 10 ] CVE-2012-0021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021\n[ 11 ] CVE-2012-0031\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031\n[ 12 ] CVE-2012-0053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053\n[ 13 ] CVE-2012-0883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-25.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
==========================================================================\nUbuntu Security Notice USN-1259-1\nNovember 11, 2011\n\napache2, apache2-mpm-itk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nMultiple vulnerabilities and a regression were fixed in the Apache HTTP\nserver. (CVE-2011-3368)\n\nStefano Nichele discovered that the mod_proxy_ajp module in Apache when\nused with mod_proxy_balancer in certain configurations could allow\nremote attackers to cause a denial of service via a malformed HTTP\nrequest. (CVE-2011-3348)\n\nSamuel Montosa discovered that the ITK Multi-Processing Module for\nApache did not properly handle certain configuration sections that\nspecify NiceValue but not AssignUserID, preventing Apache from dropping\nprivileges correctly. This issue only affected Ubuntu 10.04 LTS, Ubuntu\n10.10 and Ubuntu 11.04. (CVE-2011-1176)\n\nUSN 1199-1 fixed a vulnerability in the byterange filter of Apache. The\nupstream patch introduced a regression in Apache when handling specific\nbyte range requests. \n\nOriginal advisory details:\n\n A flaw was discovered in the byterange filter in Apache. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n apache2.2-bin 2.2.20-1ubuntu1.1\n\nUbuntu 11.04:\n apache2-mpm-itk 2.2.17-1ubuntu1.4\n apache2.2-bin 2.2.17-1ubuntu1.4\n\nUbuntu 10.10:\n apache2-mpm-itk 2.2.16-1ubuntu3.4\n apache2.2-bin 2.2.16-1ubuntu3.4\n\nUbuntu 10.04 LTS:\n apache2-mpm-itk 2.2.14-5ubuntu8.7\n apache2.2-bin 2.2.14-5ubuntu8.7\n\nUbuntu 8.04 LTS:\n apache2.2-common 2.2.8-1ubuntu0.22\n\nIn general, a standard system update will make all the necessary changes. 
This version of Apache is principally a security\n and bug fix release, including the following significant security fixes:\n\n * SECURITY: CVE-2011-3368 (cve.mitre.org)\n Reject requests where the request-URI does not match the HTTP\n specification, preventing unexpected expansion of target URLs in\n some reverse proxy configurations. \n\n * SECURITY: CVE-2011-3607 (cve.mitre.org)\n Fix integer overflow in ap_pregsub() which, when the mod_setenvif module\n is enabled, could allow local users to gain privileges via a .htaccess\n file. \n\n * SECURITY: CVE-2011-4317 (cve.mitre.org)\n Resolve additional cases of URL rewriting with ProxyPassMatch or\n RewriteRule, where particular request-URIs could result in undesired\n backend network exposure in some configurations. \n\n * SECURITY: CVE-2012-0021 (cve.mitre.org)\n mod_log_config: Fix segfault (crash) when the \u0027%{cookiename}C\u0027 log format\n string is in use and a client sends a nameless, valueless cookie, causing\n a denial of service. \n\n * SECURITY: CVE-2012-0031 (cve.mitre.org)\n Fix scoreboard issue which could allow an unprivileged child process\n to cause the parent to crash at shutdown rather than terminate\n cleanly. \n\n * SECURITY: CVE-2012-0053 (cve.mitre.org)\n Fixed an issue in error responses that could expose \"httpOnly\" cookies\n when no custom ErrorDocument is specified for status code 400. \n\n The Apache HTTP Project thanks halfdog, Context Information Security Ltd,\n Prutha Parikh of Qualys, and Norman Hippert for bringing these issues to\n the attention of the security team. \n\n We consider this release to be the best version of Apache available, and\n encourage users of all prior versions to upgrade. \n\n Apache HTTP Server 2.2.22 is available for download from:\n\n http://httpd.apache.org/download.cgi\n\n Please see the CHANGES_2.2 file, linked from the download page, for a\n full list of changes. 
A condensed list, CHANGES_2.2.22 includes only\n those changes introduced since the prior 2.2 release. A summary of all\n of the security vulnerabilities addressed in this and earlier releases\n is available:\n\n http://httpd.apache.org/security/vulnerabilities_22.html\n\n This release includes the Apache Portable Runtime (APR) version 1.4.5\n and APR Utility Library (APR-util) version 1.4.2, bundled with the tar\n and zip distributions. The APR libraries libapr and libaprutil (and\n on Win32, libapriconv version 1.2.1) must all be updated to ensure\n binary compatibility and address many known security and platform bugs. \n APR-util version 1.4 represents a minor version upgrade from earlier\n httpd source distributions, which previously included version 1.3. \n\n Apache 2.2 offers numerous enhancements, improvements, and performance\n boosts over the 2.0 codebase. For an overview of new features\n introduced since 2.0 please see:\n\n http://httpd.apache.org/docs/2.2/new_features_2_2.html\n\n This release builds on and extends the Apache 2.0 API. Modules written\n for Apache 2.0 will need to be recompiled in order to run with Apache\n 2.2, and require minimal or no source code changes. \n\n http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING\n\n When upgrading or installing this version of Apache, please bear in mind\n that if you intend to use Apache with one of the threaded MPMs (other\n than the Prefork MPM), you must ensure that any modules you will be\n using (and the libraries they depend on) are thread-safe. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd security and bug fix update\nAdvisory ID: RHSA-2011:1392-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1392.html\nIssue date: 2011-10-20\nCVE Names: CVE-2011-3368 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 4 and 5. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop version 4 - i386, x86_64\nRed Hat Enterprise Linux ES version 4 - i386, ia64, x86_64\nRed Hat Enterprise Linux WS version 4 - i386, ia64, x86_64\n\n3. In certain configurations, if a reverse\nproxy used the ProxyPassMatch directive, or if it used the RewriteRule\ndirective with the proxy flag, a remote attacker could make the proxy\nconnect to an arbitrary server, possibly disclosing sensitive information\nfrom internal web servers not directly accessible to the attacker. \n(CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting this\nissue. \n\nThis update also fixes the following bug:\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP header\nvalues. 
This update corrects those regressions. (BZ#736593, BZ#736594)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n736593 - httpd: RHSA-2011:1245 regressions [rhel-5]\n736594 - httpd: RHSA-2011:1245 regressions [rhel-4]\n740045 - CVE-2011-3368 httpd: reverse web proxy vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm\n\ni386:\nhttpd-2.0.52-49.ent.i386.rpm\nhttpd-debuginfo-2.0.52-49.ent.i386.rpm\nhttpd-devel-2.0.52-49.ent.i386.rpm\nhttpd-manual-2.0.52-49.ent.i386.rpm\nhttpd-suexec-2.0.52-49.ent.i386.rpm\nmod_ssl-2.0.52-49.ent.i386.rpm\n\nia64:\nhttpd-2.0.52-49.ent.ia64.rpm\nhttpd-debuginfo-2.0.52-49.ent.ia64.rpm\nhttpd-devel-2.0.52-49.ent.ia64.rpm\nhttpd-manual-2.0.52-49.ent.ia64.rpm\nhttpd-suexec-2.0.52-49.ent.ia64.rpm\nmod_ssl-2.0.52-49.ent.ia64.rpm\n\nppc:\nhttpd-2.0.52-49.ent.ppc.rpm\nhttpd-debuginfo-2.0.52-49.ent.ppc.rpm\nhttpd-devel-2.0.52-49.ent.ppc.rpm\nhttpd-manual-2.0.52-49.ent.ppc.rpm\nhttpd-suexec-2.0.52-49.ent.ppc.rpm\nmod_ssl-2.0.52-49.ent.ppc.rpm\n\ns390:\nhttpd-2.0.52-49.ent.s390.rpm\nhttpd-debuginfo-2.0.52-49.ent.s390.rpm\nhttpd-devel-2.0.52-49.ent.s390.rpm\nhttpd-manual-2.0.52-49.ent.s390.rpm\nhttpd-suexec-2.0.52-49.ent.s390.rpm\nmod_ssl-2.0.52-49.ent.s390.rpm\n\ns390x:\nhttpd-2.0.52-49.ent.s390x.rpm\nhttpd-debuginfo-2.0.52-49.ent.s390x.rpm\nhttpd-devel-2.0.52-49.ent.s390x.rpm\nhttpd-manual-2.0.52-49.ent.
s390x.rpm\nhttpd-suexec-2.0.52-49.ent.s390x.rpm\nmod_ssl-2.0.52-49.ent.s390x.rpm\n\nx86_64:\nhttpd-2.0.52-49.ent.x86_64.rpm\nhttpd-debuginfo-2.0.52-49.ent.x86_64.rpm\nhttpd-devel-2.0.52-49.ent.x86_64.rpm\nhttpd-manual-2.0.52-49.ent.x86_64.rpm\nhttpd-suexec-2.0.52-49.ent.x86_64.rpm\nmod_ssl-2.0.52-49.ent.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm\n\ni386:\nhttpd-2.0.52-49.ent.i386.rpm\nhttpd-debuginfo-2.0.52-49.ent.i386.rpm\nhttpd-devel-2.0.52-49.ent.i386.rpm\nhttpd-manual-2.0.52-49.ent.i386.rpm\nhttpd-suexec-2.0.52-49.ent.i386.rpm\nmod_ssl-2.0.52-49.ent.i386.rpm\n\nx86_64:\nhttpd-2.0.52-49.ent.x86_64.rpm\nhttpd-debuginfo-2.0.52-49.ent.x86_64.rpm\nhttpd-devel-2.0.52-49.ent.x86_64.rpm\nhttpd-manual-2.0.52-49.ent.x86_64.rpm\nhttpd-suexec-2.0.52-49.ent.x86_64.rpm\nmod_ssl-2.0.52-49.ent.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm\n\ni386:\nhttpd-2.0.52-49.ent.i386.rpm\nhttpd-debuginfo-2.0.52-49.ent.i386.rpm\nhttpd-devel-2.0.52-49.ent.i386.rpm\nhttpd-manual-2.0.52-49.ent.i386.rpm\nhttpd-suexec-2.0.52-49.ent.i386.rpm\nmod_ssl-2.0.52-49.ent.i386.rpm\n\nia64:\nhttpd-2.0.52-49.ent.ia64.rpm\nhttpd-debuginfo-2.0.52-49.ent.ia64.rpm\nhttpd-devel-2.0.52-49.ent.ia64.rpm\nhttpd-manual-2.0.52-49.ent.ia64.rpm\nhttpd-suexec-2.0.52-49.ent.ia64.rpm\nmod_ssl-2.0.52-49.ent.ia64.rpm\n\nx86_64:\nhttpd-2.0.52-49.ent.x86_64.rpm\nhttpd-debuginfo-2.0.52-49.ent.x86_64.rpm\nhttpd-devel-2.0.52-49.ent.x86_64.rpm\nhttpd-manual-2.0.52-49.ent.x86_64.rpm\nhttpd-suexec-2.0.52-49.ent.x86_64.rpm\nmod_ssl-2.0.52-49.ent.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 
4:\n\nSource:\nftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm\n\ni386:\nhttpd-2.0.52-49.ent.i386.rpm\nhttpd-debuginfo-2.0.52-49.ent.i386.rpm\nhttpd-devel-2.0.52-49.ent.i386.rpm\nhttpd-manual-2.0.52-49.ent.i386.rpm\nhttpd-suexec-2.0.52-49.ent.i386.rpm\nmod_ssl-2.0.52-49.ent.i386.rpm\n\nia64:\nhttpd-2.0.52-49.ent.ia64.rpm\nhttpd-debuginfo-2.0.52-49.ent.ia64.rpm\nhttpd-devel-2.0.52-49.ent.ia64.rpm\nhttpd-manual-2.0.52-49.ent.ia64.rpm\nhttpd-suexec-2.0.52-49.ent.ia64.rpm\nmod_ssl-2.0.52-49.ent.ia64.rpm\n\nx86_64:\nhttpd-2.0.52-49.ent.x86_64.rpm\nhttpd-debuginfo-2.0.52-49.ent.x86_64.rpm\nhttpd-devel-2.0.52-49.ent.x86_64.rpm\nhttpd-manual-2.0.52-49.ent.x86_64.rpm\nhttpd-suexec-2.0.52-49.ent.x86_64.rpm\nmod_ssl-2.0.52-49.ent.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm\n\ni386:\nhttpd-2.2.3-53.el5_7.3.i386.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm\nmod_ssl-2.2.3-53.el5_7.3.i386.rpm\n\nx86_64:\nhttpd-2.2.3-53.el5_7.3.x86_64.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm\nmod_ssl-2.2.3-53.el5_7.3.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm\n\ni386:\nhttpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm\nhttpd-devel-2.2.3-53.el5_7.3.i386.rpm\nhttpd-manual-2.2.3-53.el5_7.3.i386.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm\nhttpd-devel-2.2.3-53.el5_7.3.i386.rpm\nhttpd-devel-2.2.3-53.el5_7.3.x86_64.rpm\nhttpd-manual-2.2.3-53.el5_7.3.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 
5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm\n\ni386:\nhttpd-2.2.3-53.el5_7.3.i386.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm\nhttpd-devel-2.2.3-53.el5_7.3.i386.rpm\nhttpd-manual-2.2.3-53.el5_7.3.i386.rpm\nmod_ssl-2.2.3-53.el5_7.3.i386.rpm\n\nia64:\nhttpd-2.2.3-53.el5_7.3.ia64.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.ia64.rpm\nhttpd-devel-2.2.3-53.el5_7.3.ia64.rpm\nhttpd-manual-2.2.3-53.el5_7.3.ia64.rpm\nmod_ssl-2.2.3-53.el5_7.3.ia64.rpm\n\nppc:\nhttpd-2.2.3-53.el5_7.3.ppc.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.ppc.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.ppc64.rpm\nhttpd-devel-2.2.3-53.el5_7.3.ppc.rpm\nhttpd-devel-2.2.3-53.el5_7.3.ppc64.rpm\nhttpd-manual-2.2.3-53.el5_7.3.ppc.rpm\nmod_ssl-2.2.3-53.el5_7.3.ppc.rpm\n\ns390x:\nhttpd-2.2.3-53.el5_7.3.s390x.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.s390.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.s390x.rpm\nhttpd-devel-2.2.3-53.el5_7.3.s390.rpm\nhttpd-devel-2.2.3-53.el5_7.3.s390x.rpm\nhttpd-manual-2.2.3-53.el5_7.3.s390x.rpm\nmod_ssl-2.2.3-53.el5_7.3.s390x.rpm\n\nx86_64:\nhttpd-2.2.3-53.el5_7.3.x86_64.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm\nhttpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm\nhttpd-devel-2.2.3-53.el5_7.3.i386.rpm\nhttpd-devel-2.2.3-53.el5_7.3.x86_64.rpm\nhttpd-manual-2.2.3-53.el5_7.3.x86_64.rpm\nmod_ssl-2.2.3-53.el5_7.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3368.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://rhn.redhat.com/errata/RHSA-2011-1245.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOoFxkXlSAg2UNWIIRAl1kAJ94ZNoM1fzZzwHexpMMIAyHsGsB8wCgvD5v\nqZVZrYEbxzHisIh4Yznj+ro=\n=yulh\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and\nSecurity Update 2012-004\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 are now available and address the following:\n\nApache\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.22 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/. This issue does not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3368\nCVE-2011-3607\nCVE-2011-4317\nCVE-2012-0021\nCVE-2012-0031\nCVE-2012-0053\n\nBIND\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: A remote attacker may be able to cause a denial of service\nin systems configured to run BIND as a DNS nameserver\nDescription: A reachable assertion issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1. \nThis issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4313\n\nBIND\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: A remote attacker may be able to cause a denial of service,\ndata corruption, or obtain sensitive information from process memory\nin systems configured to run BIND as a DNS nameserver\nDescription: A memory management issue existed in the handling of\nDNS records. 
This issue was addressed by updating to BIND 9.7.6-P1 on\nOS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-1667\n\nCoreText\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Applications that use CoreText may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A bounds checking issue existed in the handling of text\nglyphs, which may lead to out of bounds memory reads or writes. This\nissue was addressed through improved bounds checking. This issue does\nnot affect Mac OS X v10.6 or OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3716 : Jesse Ruderman of Mozilla Corporation\n\nData Security\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: TrustWave, a trusted root CA, has issued, and\nsubsequently revoked, a sub-CA certificate from one of its trusted\nanchors. This sub-CA facilitated the interception of communications\nsecured by Transport Layer Security (TLS). This update adds the\ninvolved sub-CA certificate to OS X\u0027s list of untrusted certificates. \n\nDirectoryService\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8\nImpact: If the DirectoryService Proxy is used, a remote attacker may\ncause a denial of service or arbitrary code execution\nDescription: A buffer overflow existed in the DirectoryService\nProxy. This issue was addressed through improved bounds checking. \nThis issue does not affect OS X Lion and Mountain Lion systems. 
\nCVE-ID\nCVE-2012-0650 : aazubel working with HP\u0027s Zero Day Initiative\n\nImageIO\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libpng\u0027s\nhandling of PNG images. These issues were addressed through improved\nvalidation of PNG images. These issues do not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3026 : Juri Aedla\nCVE-2011-3048\n\nImageIO\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow issue existed in libTIFF\u0027s handling\nof TIFF images. This issue was addressed through improved validation\nof TIFF images. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-1173 : Alexander Gavrun working with HP\u0027s Zero Day\nInitiative\n\nInstaller\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Remote admins and persons with physical access to the system\nmay obtain account information\nDescription: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented\nuser passwords from being recorded in the system log, but did not\nremove the old log entries. This issue was addressed by deleting log\nfiles that contained passwords. This issue does not affect Mac OS X\n10.6 or OS X Mountain Lion systems. 
\nCVE-ID\nCVE-2012-0652\n\nInternational Components for Unicode\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription: A stack buffer overflow existed in the handling of ICU\nlocale IDs. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4599\n\nKernel\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: A malicious program could bypass sandbox restrictions\nDescription: A logic issue existed in the handling of debug system\ncalls. This may allow a malicious program to gain code execution in\nother programs with the same user privileges. This issue was\naddressed by disabling handling of addresses in PT_STEP and\nPT_CONTINUE. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0643 : iOS Jailbreak Dream Team\n\nLoginWindow\nAvailable for: OS X Mountain Lion v10.8 and v10.8.1\nImpact: A local user may be able to obtain other user\u0027s login\npasswords\nDescription: A user-installed input method could intercept password\nkeystrokes from Login Window or Screen Saver Unlock. This issue was\naddressed by preventing user-installed methods from being used when\nthe system is handling login information. \nCVE-ID\nCVE-2012-3718 : An anonymous researcher\n\nMail\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing an e-mail message may lead to execution of web\nplugins\nDescription: An input validation issue existed in Mail\u0027s handling of\nembedded web plugins. This issue was addressed by disabling third-\nparty plug-ins in Mail. This issue does not affect OS X Mountain Lion\nsystems. 
\nCVE-ID\nCVE-2012-3719 : Will Dormann of the CERT/CC\n\nMobile Accounts\nAvailable for: OS X Mountain Lion v10.8 and v10.8.1\nImpact: A user with access to the contents of a mobile account may\nobtain the account password\nDescription: Creating a mobile account saved a hash of the password\nin the account, which was used to login when the mobile account was\nused as an external account. The password hash could be used to\ndetermine the user\u0027s password. This issue was addressed by creating\nthe password hash only if external accounts are enabled on the system\nwhere the mobile account is created. \nCVE-ID\nCVE-2012-3720 : Harald Wagener of Google, Inc. \n\nPHP\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: Multiple vulnerabilities in PHP\nDescription: PHP is updated to version 5.3.15 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2012-0831\nCVE-2012-1172\nCVE-2012-1823\nCVE-2012-2143\nCVE-2012-2311\nCVE-2012-2386\nCVE-2012-2688\n\nPHP\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: PHP scripts which use libpng may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nPNG files. This issue was addressed by updating PHP\u0027s copy of libpng\nto version 1.5.10. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3048\n\nProfile Manager\nAvailable for: OS X Lion Server v10.7 to v10.7.4\nImpact: An unauthenticated user could enumerate managed devices\nDescription: An authentication issue existed in the Device\nManagement private interface. This issue was addressed by removing\nthe interface. 
This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-3721 : Derick Cassidy of XEquals Corporation\n\nQuickLook\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted .pict file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.pict files. This issue was addressed through improved validation of\n.pict files. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the\nQualys Vulnerability \u0026 Malware Research Labs (VMRL)\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in QuickTime\u0027s handling of\nsean atoms. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access existed in the handling\nof Sorenson encoded movie files. This issue was addressed through\nimproved memory initialization. This issue does not affect OS X\nMountain Lion systems. 
\nCVE-ID\nCVE-2012-3722 : Will Dormann of the CERT/CC\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of RLE\nencoded movie files. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0668 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nRuby\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nThe Ruby OpenSSL module disabled the \u0027empty fragment\u0027 countermeasure\nwhich prevented these attacks. This issue was addressed by enabling\nempty fragments. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3389\n\nUSB\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Attaching a USB device may lead to an unexpected system\ntermination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nUSB hub descriptors. This issue was addressed through improved\nhandling of the bNbrPorts descriptor field. This issue does not\naffect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3723 : Andy Davis of NGS Secure\n\nNote: OS X Mountain Lion v10.8.2 includes the content of\nSafari 6.0.1. 
For further details see \"About the security content\nof Safari 6.0.1\" at http://support.apple.com/kb/HT5502\n\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 may be obtained from the Software Update pane in System\nPreferences, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update\n2012-004. \n\nFor OS X Mountain Lion v10.8.1\nThe download file is named: OSXUpd10.8.2.dmg\nIts SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33\n\nFor OS X Mountain Lion v10.8\nThe download file is named: OSXUpdCombo10.8.2.dmg\nIts SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c\n\nFor OS X Lion v10.7.4\nThe download file is named: MacOSXUpd10.7.5.dmg\nIts SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532\n\nFor OS X Lion v10.7 and v10.7.3\nThe download file is named: MacOSXUpdCombo10.7.5.dmg\nIts SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b\n\nFor OS X Lion Server v10.7.4\nThe download file is named: MacOSXServerUpd10.7.5.dmg\nIts SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a\n\nFor OS X Lion Server v10.7 and v10.7.3\nThe download file is named: MacOSXServerUpdCombo10.7.5.dmg\nIts SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-004.dmg\nIts SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-004.dmg\nIts SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available 
at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e\nQm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW\npc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE\nDQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO\nQyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n\n7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm\n7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO\nBOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5\nw4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3\n+9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK\nq5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2\nxyBfrQfG/dsif6jGHaot\n=8joH\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2011-3368" }, { "db": "JVNDB", "id": "JVNDB-2011-002351" }, { "db": "BID", "id": "49957" }, { "db": "VULMON", "id": "CVE-2011-3368" }, { "db": "PACKETSTORM", "id": "109464" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "106849" }, { "db": "PACKETSTORM", "id": "109330" }, { "db": "PACKETSTORM", "id": "106041" }, { "db": "PACKETSTORM", "id": "116792" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=17969", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3368" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3368", "trust": 3.4 }, { "db": "JUNIPER", "id": "JSA10585", "trust": 1.9 }, { "db": "BID", "id": "49957", "trust": 1.9 }, { "db": "SECUNIA", "id": "46288", "trust": 1.6 }, { "db": "SECUNIA", "id": "48551", "trust": 1.6 }, { "db": "SECUNIA", "id": "46414", "trust": 1.6 }, { "db": "OSVDB", "id": "76079", "trust": 1.6 }, { "db": "EXPLOIT-DB", "id": "17969", "trust": 1.6 }, { "db": "SECTRACK", "id": "1026144", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2011-002351", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201110-052", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10658", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10642", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2011-3368", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109464", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114141", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106849", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109330", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106041", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116792", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3368" }, { "db": "BID", "id": "49957" }, { "db": "JVNDB", "id": "JVNDB-2011-002351" }, { "db": "PACKETSTORM", "id": "109464" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "106849" }, { "db": "PACKETSTORM", "id": "109330" }, { "db": "PACKETSTORM", "id": "106041" }, { "db": "PACKETSTORM", "id": "116792" }, { "db": "CNNVD", "id": "CNNVD-201110-052" }, { "db": "NVD", "id": "CVE-2011-3368" } ] }, "id": "VAR-201110-0291", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.19116032166666666 }, "last_update_date": "2024-11-29T21:25:57.697000Z", "patch": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apache httpd 2.2 vulnerabilities", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "title": "Apache httpd 2.0 vulnerabilities", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_20.html" }, { "title": "Apache httpd 1.3 vulnerabilities", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "title": "1179239", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1179239" }, { "title": "APPLE-SA-2012-09-19-2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "title": "HT5501", "trust": 0.8, "url": "http://support.apple.com/kb/HT5501" }, { "title": "HT5501", "trust": 0.8, "url": "http://support.apple.com/kb/HT5501?viewlocale=ja_JP" }, { "title": "HPSBOV02822 SSRT100966", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954" }, { "title": "SE49723", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42" }, { "title": "SE49724", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48" }, { "title": "MDVSA-2013:150", "trust": 0.8, "url": "http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:150/?name=MDVSA-2013:150" }, { "title": "MDVSA-2011:144", "trust": 0.8, "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:144" }, { "title": "openSUSE-SU-2011:1229", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html" }, { "title": "openSUSE-SU-2013:0243", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html" }, { "title": "openSUSE-SU-2013:0248", 
"trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2012 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html" }, { "title": "Bug 740045", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740045" }, { "title": "RHSA-2011:1392", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1392.html" }, { "title": "RHSA-2011:1391", "trust": 0.8, "url": "http://www.redhat.com/support/errata/RHSA-2011-1391.html" }, { "title": "CVE-2011-3368 Improper Input Validation vulnerability in Apache HTTP Server 1.3", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3368_improper_input" }, { "title": "July 2012 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/july_2012_critical_patch_update" }, { "title": "January 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update" }, { "title": "CVE-2011-3368 Improper Input Validation vulnerability in Apache HTTP Server 2.0", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3368_improper_input1" }, { "title": "JSA10585", "trust": 0.8, "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10585" }, { "title": "Interstage HTTP Server: 
2\u4ef6\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201104.html" }, { "title": "protocol.c", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41759" }, { "title": "CVE-2011-3368.patch", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41758" }, { "title": "Red Hat: Moderate: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120128 - Security Advisory" }, { "title": "Red Hat: Moderate: httpd security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120542 - Security Advisory" }, { "title": "Ubuntu Security Notice: apache2, apache2-mpm-itk vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1259-1" }, { "title": "Red Hat: Moderate: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120323 - Security Advisory" }, { "title": "Amazon Linux AMI: ALAS-2011-009", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-009" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "CVE-2011-3368\nInstall:\nTested on:", "trust": 0.1, "url": "https://github.com/colorblindpentester/CVE-2011-3368 " }, { "title": "PenTest", "trust": 0.1, "url": "https://github.com/L-e-N/PenTest " }, { "title": "DeepDig", "trust": 0.1, "url": "https://github.com/cyberdeception/deepdig " }, { "title": "ReconScan", "trust": 0.1, "url": "https://github.com/RoliSoft/ReconScan " }, { "title": "ReconScan", "trust": 0.1, "url": 
"https://github.com/GiJ03/ReconScan " }, { "title": "ReconScan", "trust": 0.1, "url": "https://github.com/issdp/test " }, { "title": "ReconScan", "trust": 0.1, "url": "https://github.com/kira1111/ReconScan " }, { "title": "ReconScan", "trust": 0.1, "url": "https://github.com/matoweb/Enumeration-Script " }, { "title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample", "trust": 0.1, "url": "https://github.com/kasem545/vulnsearch " }, { "title": "Strike \n Installation \n Usages \n Screen Shot \n License", "trust": 0.1, "url": "https://github.com/SecureAxom/strike " }, { "title": "", "trust": 0.1, "url": "https://github.com/syadg123/pigat " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3368" }, { "db": "JVNDB", "id": "JVNDB-2011-002351" }, { "db": "CNNVD", "id": "CNNVD-201110-052" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002351" }, { "db": "NVD", "id": "CVE-2011-3368" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://seclists.org/fulldisclosure/2011/oct/232" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48" }, { "trust": 1.9, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.9, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "trust": 1.6, "url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html" 
}, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:144" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2" }, { "trust": 1.6, "url": "http://osvdb.org/76079" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70336" }, { "trust": 1.6, "url": "http://www.exploit-db.com/exploits/17969" }, { "trust": 1.6, "url": "http://rhn.redhat.com/errata/rhsa-2012-0542.html" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1026144" }, { "trust": 1.6, "url": "http://www.debian.org/security/2012/dsa-2405" }, { "trust": 1.6, "url": "http://web.archiveorange.com/archive/v/zys0hzecd5zzb2nkvqlt" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740045" }, { "trust": 1.6, "url": "http://secunia.com/advisories/46288" }, { "trust": 1.6, "url": "http://kb.juniper.net/jsa10585" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2011-1392.html" }, { "trust": 1.6, "url": "http://seclists.org/fulldisclosure/2011/oct/273" }, { "trust": 1.6, "url": "http://support.apple.com/kb/ht5501" }, { "trust": 1.6, "url": "http://rhn.redhat.com/errata/rhsa-2012-0543.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/49957" }, { "trust": 1.6, "url": "http://secunia.com/advisories/48551" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2011-1391.html" }, { "trust": 1.6, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1179239" }, { "trust": 1.6, "url": "http://secunia.com/advisories/46414" }, { "trust": 1.6, "url": "http://www.contextis.com/research/blog/reverseproxybypass/" }, { "trust": 1.6, "url": 
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, 
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3368" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu381963/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3368" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10642\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100152144" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm48384" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10585" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10658\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100158872" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301\u0026ac.admitted=1332965374461.876444892.492883150" }, { 
"trust": 0.3, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03517954\u0026ac.admitted=1349807398574.876444892.199480143" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151220" }, { "trust": 0.3, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201104e.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3348" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3639" }, { "trust": 0.1, "url": "http://internal-host/$1" }, { "trust": 0.1, "url": "http://internal-host$1" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2791" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3368" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0031" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0408" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0408" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0053" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0883" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3348" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4317" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0021" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3607" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201206-25.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3192" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0434" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2791" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2-mpm-itk/2.2.6-01-1build3.14" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.17-1ubuntu1.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.22" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.16-1ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.7" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1176" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1259-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.20-1ubuntu1.1" }, { "trust": 0.1, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.1, "url": "http://httpd.apache.org/download.cgi" }, { "trust": 0.1, "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/versioning" }, { "trust": 0.1, "url": "http://httpd.apache.org/docs/2.2/new_features_2_2.html" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1392.html" }, { "trust": 0.1, "url": 
"https://www.redhat.com/security/data/cve/cve-2011-3368.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1245.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://www.php.net" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2688" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4313" }, { "trust": 0.1, "url": "http://http//support.apple.com/kb/ht5502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3048" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0668" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1173" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2143" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0652" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4599" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2311" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2012-1667" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2386" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0650" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://httpd.apache.org/." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3026" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3716" } ], "sources": [ { "db": "BID", "id": "49957" }, { "db": "JVNDB", "id": "JVNDB-2011-002351" }, { "db": "PACKETSTORM", "id": "109464" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "106849" }, { "db": "PACKETSTORM", "id": "109330" }, { "db": "PACKETSTORM", "id": "106041" }, { "db": "PACKETSTORM", "id": "116792" }, { "db": "CNNVD", "id": "CNNVD-201110-052" }, { "db": "NVD", "id": "CVE-2011-3368" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2011-3368" }, { "db": "BID", "id": "49957" }, { "db": "JVNDB", "id": "JVNDB-2011-002351" }, { "db": "PACKETSTORM", "id": "109464" }, { "db": "PACKETSTORM", "id": "114141" }, { "db": "PACKETSTORM", "id": "106849" }, { "db": "PACKETSTORM", "id": "109330" }, { "db": "PACKETSTORM", "id": "106041" }, { "db": "PACKETSTORM", "id": "116792" }, { "db": "CNNVD", "id": "CNNVD-201110-052" }, { "db": "NVD", "id": "CVE-2011-3368" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-05T00:00:00", "db": "VULMON", "id": "CVE-2011-3368" }, { "date": "2011-10-05T00:00:00", "db": "BID", "id": "49957" }, { "date": "2011-10-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002351" }, { "date": "2012-02-07T00:10:33", "db": "PACKETSTORM", "id": "109464" }, { "date": 
"2012-06-24T23:54:52", "db": "PACKETSTORM", "id": "114141" }, { "date": "2011-11-11T03:11:08", "db": "PACKETSTORM", "id": "106849" }, { "date": "2012-02-02T01:31:45", "db": "PACKETSTORM", "id": "109330" }, { "date": "2011-10-20T23:10:27", "db": "PACKETSTORM", "id": "106041" }, { "date": "2012-09-22T06:30:43", "db": "PACKETSTORM", "id": "116792" }, { "date": "2011-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-052" }, { "date": "2011-10-05T22:55:02.643000", "db": "NVD", "id": "CVE-2011-3368" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2011-3368" }, { "date": "2015-05-07T17:07:00", "db": "BID", "id": "49957" }, { "date": "2015-01-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002351" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-052" }, { "date": "2024-11-21T01:30:21.220000", "db": "NVD", "id": "CVE-2011-3368" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "106849" }, { "db": "PACKETSTORM", "id": "106041" }, { "db": "CNNVD", "id": "CNNVD-201110-052" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of mod_proxy Vulnerability in module sending requests to intranet server", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002351" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": 
"CNNVD", "id": "CNNVD-201110-052" } ], "trust": 0.6 } }
var-200808-0154
Vulnerability from variot
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Multiple Java runtime implementations are prone to a vulnerability because the applications fail to sufficiently sanitize user-supplied input. Exploiting this issue in Apache Tomcat will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks. Other attacks may also be possible. Exploiting this issue in other applications will depend on the individual application. Successful exploits may result in a bypass of intended security filters. This may have various security impacts. We will update this BID pending further investigation. UPDATE (December 18, 2008): Reports indicate that this issue may affect additional, unspecified Java Virtual Machine (JVM) implementations distributed by Sun, HP, IBM, Apple, and Apache. We will update this BID as more information becomes available. UPDATE (January 9, 2009): This BID previously documented an issue in Apache Tomcat. Further reports indicate that the underlying issue is in various Java runtime implementations.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939 Version: 1
HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02 Last Updated: 2009-02-02
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servlet Engine are contained in the Apache Web Server Suite.
HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servlet Engine v5.5.27.01.01 or earlier
HP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
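Reference        Base Vector                     Base Score
CVE-2007-6420    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2008-1232    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2008-1947    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2008-2364    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    5.0
CVE-2008-2370    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    5.0
CVE-2008-2938    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2008-2939    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2008-3658    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    7.5
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
[Editor's note, not part of the bulletin: every row above carries the same vector string although the listed scores differ. Under CVSS 2.0 that vector evaluates to 4.3, so the vectors on the 5.0 and 7.5 rows should be confirmed against the individual CVE records before they are used for prioritisation.]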
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL: http://software.hp.com
Note: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 and HP-UX Tomcat-based Servlet Engine 5.5.27.01.01
HP-UX Release - B.11.23 and B.11.31 PA-32 Apache Depot name - HPUXWSATW-B302-32.depot
HP-UX Release - B.11.23 and B.11.31 IA-64 Apache Depot name - HPUXWSATW-B302-64.depot
HP-UX Release - B.11.11 PA-32 Apache Depot name - HPUXWSATW-B222-1111.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server or Tomcat-based Servlet Engine from the Apache Web Server Suite v3.02 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT hpuxwsWEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 February 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBSYhX8+AfOvwtKn1ZEQJxcACeJa8lt5TkhV5qnaGRTaBh4kqHutgAoJbH XCe08aGCzEZj/q4n91JQnhq6 =XImF -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2008-2938: Apache Tomcat information disclosure vulnerability - Update 2
Severity: Important
Vendor: Multiple (was The Apache Software Foundation)
Versions Affected: Various
Description (new information): This vulnerability was originally reported to the Apache Software Foundation as a Tomcat vulnerability. Investigations quickly identified that the root cause was an issue with the UTF-8 charset implementation within the JVM.
It was decided to continue to report this as a Tomcat vulnerability until such time as the JVM vendors had released fixed versions.
Unfortunately, the release of fixed JVMs and associated vulnerability disclosure has not been co-ordinated. There has been some confusion within the user community as to the nature and root cause of CVE-2008-2938.
Mitigation: Contact your JVM vendor for further information. Tomcat users may upgrade as follows to a Tomcat version that contains a workaround:
6.0.x users should upgrade to 6.0.18
5.5.x users should upgrade to 5.5.27
4.1.x users should upgrade to 4.1.39
Credit: This additional information was discovered by the Apache security team. This release updates Tomcat to 5.5.27 which patches several security vulnerabilities.
Affected Products
The WiKID Strong Authentication Server - Enterprise Edition The WiKID Strong Authentication Server - Community Edition
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
Mitigation
Commercial users may download the most recent RPMs from the website: http://www.wikidsystems.com/downloads/
Users of the open source community version may download packages from Sourceforge: https://sourceforge.net/project/showfiles.php?group_id=144774
Nick Owen WiKID Systems, Inc. 404-962-8983 (desk) http://www.wikidsystems.com Two-factor authentication, without the hassle factor.
A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232).
A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947).
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
Updated Packages:
Mandriva Linux 2008.0: 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.1: 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
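To upgrade automatically, use MandrivaUpdate or urpmi. The verification of MD5 checksums and GPG signatures is performed automatically for you. Treat the MD5 sums listed above as a check against corrupted downloads and rely on the GPG signature to authenticate a package, since MD5 is not collision-resistant.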
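All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing the command below; because a short key ID does not uniquely identify a key, confirm the imported key's fingerprint against a trusted source before relying on it: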
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8 j+sCdAEJN0CXvurmFcjUvNU= =+kFf -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . In these configurations arbitrary files in the docBase for an application, including files such as web.xml, may be disclosed.
TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
. Secure Network - Security Research Advisory
Vuln name: ToutVirtual VirtualIQ Pro Multiple Vulnerabilities Systems affected: ToutVirtual VirtualIQ Professional 3.2 build 7882 Systems not affected: -- Severity: High Local/Remote: Remote Vendor URL: http://www.toutvirtual.com Author(s): Alberto Trivero (a.trivero@securenetwork.it) Claudio Criscione (c.criscione@securenetwork.it) Vendor disclosure: 02/07/2009 Vendor acknowledged: 16/07/2009 Vendor patch release: notified us on 06/11/2009 Public disclosure: 07/11/2009 Advisory number: SN-2009-02 Advisory URL: http://www.securenetwork.it/advisories/sn-2009-02.txt
*** SUMMARY ***
ToutVirtual's VirtualIQ Pro is specifically designed for IT administrators responsible for managing virtual platforms. VirtualIQ Pro provides Visibility, Analytics and policy-based Optimization - all from one single console. VirtualIQ Pro is hypervisor-agnostic supporting both Type I and Type II hypervisors. VirtualIQ Pro can be used to visualize, analyze and optimize your choice of virtualization platform - Citrix, Microsoft, Novell, Oracle and/or VMware.
Multiple vulnerabilities have been found which allow an attacker to conduct various XSS and CSRF attacks, as well as other attacks made possible by the use of an old and unhardened version of the web server.
*** VULNERABILITY DETAILS ***
(a) Cross-site scripting (XSS)
Because user input is not properly sanitized, multiple XSS attacks (reflected and stored) are possible. Reflected PoCs:
http://server:9080/tvserver/server/user/setPermissions.jsp?userId=1">&resultResourceIds=111-222-1933email@address.tst
http://server:9080/tvserver/server/user/addDepartment.jsp?addNewDept=0&deptName=%22;alert(1);//&deptId=1&deptDesc=asd
http://server:9080/tvserver/server/inventory/inventoryTabs.jsp?ID=1;alert(1);//
http://server:9080/tvserver/reports/virtualIQAdminReports.do?command=getFilter&reportName=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
Stored XSS attacks can be triggered in the "Middle Name" parameter in the "Edit Profile" page with an HTTP request like the following:
POST /tvserver/user/user.do?command=save&userId=1 HTTP/1.1 Host: server:9080 Cookies: JSESSIONID=[...]
userName=IQMANAGER&firstName=IQ&middleName=asd'; alert(document.cookie);//&lastName=MANAGER&email=user%40domain.it&password=*&retypePassword=*&redirect=null&passwordModifed=false&isReportUser=false&roleId=1&supervisorId=1&departmentId=1&locationId=1
(b) Cross-site request forgery (CSRF)
An attacker can perform different types of CSRF attacks against a logged-in user. The attacker can, for example, shut down, start or restart an arbitrary virtual machine, schedule new activities and so on.
The following HTTP request, if forged by the attacker and executed by the victim while logged on to VirtualIQ, creates an arbitrary user:
POST /tvserver/user/user.do?command=save&userId= HTTP/1.1 Host: server:9080 Cookie: JSESSIONID=[...]
userName=asd1&firstName=asd2&middleName=asd3&lastName=asd4&email=asd5%40asd.com&password=asd6&retypePassword=asd6&redirect=null&passwordModifed=false&isReportUser=false&roleId=1&supervisorId=1&departmentId=1&locationId=1
(c) Web server vulnerabilities
VirtualIQ runs on top of an old version of Apache Tomcat: 5.5.9, for which multiple public vulnerabilities have been released. As a PoC, a directory traversal attack (CVE-2008-2938) can be performed as:
http://server:9080/tvserver/server/%C0%AE%C0%AE/WEB-INF/web.xml
Listing of an arbitrary directory (CVE-2006-3835) can also be obtained with the following PoC:
http://192.168.229.85:9080/tvserver/server/;index.jsp
(d) Information Leakage
The Tomcat status page should be disabled or restricted; it is accessible at:
http://status:9080/status
The username and password used to access a VM through SSH are also shown in clear text on the configuration page. Since an XSS vulnerability can also be triggered on the same page, an attacker would also be able to easily capture the full credentials to access the VM with a specially crafted XSS payload.
*** FIX INFORMATION ***
Upgrade to the latest version, at the moment 3.5 build 10.14.2009
*** WORKAROUNDS ***
--
*** LEGAL NOTICES ***
Secure Network (www.securenetwork.it) is an information security company, which provides consulting and training services, and engages in security research and development.
We are committed to open, full disclosure of vulnerabilities, cooperating whenever possible with software developers for properly handling disclosure.
This advisory is copyright 2009 Secure Network S.r.l. Permission is hereby granted for the redistribution of this alert, provided that it is not altered except by reformatting it, and that due credit is given. It may not be edited in any way without the express consent of Secure Network S.r.l. Permission is explicitly given for insertion in vulnerability databases and similars, provided that due credit is given to Secure Network. This information is provided as-is, as a free service to the community by Secure Network research staff. There are no warranties with regard to this information. Secure Network does not accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
If you have any comments or inquiries, or any issue with what is reported in this advisory, please inform us as soon as possible.
E-mail: securenetwork@securenetwork.it GPG/PGP key: http://www.securenetwork.it/pgpkeys/Secure%20Network.asc Phone: +39 02 24 12 67 88
-- Claudio Criscione
Secure Network S.r.l. Via Venezia, 23 - 20099 Sesto San Giovanni (MI) - Italia Tel: +39 02.24126788 Mob: +39 392 3389178 email: c.criscione@securenetwork.it web: www.securenetwork.it
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0154", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "5.5.26" }, { "model": "tomcat", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "4.1.37" }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": 
"5.0.0" }, { "model": "tomcat", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "6.0.16" }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "4.0.0" }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", 
"scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "6.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "6.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "6.0.13" }, { "model": "tomcat", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "6.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "6.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "6.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "6.0.3" 
}, { "model": "tomcat", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "6.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "6.0.1" }, { "model": "jre 1.6.0 11", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 17", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 19", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache tomcat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "drupal", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "pear xml rpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpxmlrpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "postnuke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "serendipity", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wordpress", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "xoops", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpmyfaq", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "4.1.0 to 4.1.37" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "5.5.0 to 5.5.26" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": 
"6.0.0 to 6.0.16" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.5" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "webotx application server", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, 
"trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "6.0.0" }, { "model": "systems wikid server", "scope": "eq", "trust": 0.3, "vendor": "wikid", "version": "3.0.4" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "10" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0.1" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "red hat network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)5.1" }, { "model": "jboss enterprise application platform el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss 
enterprise application platform .cp03", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "developer suite as4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "application server ws4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "application server es4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "application server as4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.1.0" }, { "model": "java", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "zenworks linux management", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "7.3" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": 
null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio standard-j edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1.0" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", 
"version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server standard-j edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": 
"interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "meeting exchange enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { 
"model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.7" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.26" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.25" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.24" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.23" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.22" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.21" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.20" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.19" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.18" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.17" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.16" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.15" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.14" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, 
"vendor": "apache", "version": "5.5.13" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.12" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.11" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.10" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.9" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.8" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.7" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.4" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.37" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.36" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.34" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.32" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.31" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.30" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.29" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.28" }, { "model": 
"tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.24" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.12" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.10" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.9" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1" }, { "model": "harmony m8", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0" }, { "model": "harmony m7", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0" }, { "model": "systems wikid server", "scope": "ne", "trust": 0.3, "vendor": "wikid", "version": "3.0.5" }, { "model": "jboss enterprise application platform .cp04", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0.18" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "5.5.27" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "4.1.39" } ], "sources": [ { "db": "CERT/CC", "id": "VU#343355" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "BID", "id": "30633" }, { "db": "JVNDB", "id": "JVNDB-2008-001611" }, { "db": "CNNVD", "id": "CNNVD-200808-165" }, { "db": "NVD", "id": "CVE-2008-2938" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:tomcat", "vulnerable": true }, { "cpe22Uri": 
"cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001611" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Simon Ryeo\u203b bar4mi@gmail.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-165" } ], "trust": 0.6 }, "cve": "CVE-2008-2938", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2008-2938", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-2938", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#343355", "trust": 0.8, "value": "7.14" }, { "author": "CARNEGIE MELLON", "id": "VU#442845", "trust": 0.8, "value": "20.75" }, { "author": "NVD", "id": "CVE-2008-2938", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200808-165", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2008-2938", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#343355" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2938" }, { "db": "JVNDB", "id": "JVNDB-2008-001611" }, { "db": "CNNVD", "id": "CNNVD-200808-165" }, { "db": "NVD", "id": "CVE-2008-2938" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. 
NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Multiple Java runtime implementations are prone to a vulnerability because the applications fail to sufficiently sanitize user-supplied input. \nExploiting this issue in Apache Tomcat will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks. Other attacks may also be possible. \nExploiting this issue in other applications will depend on the individual application. Successful exploits may result in a bypass of intended security filters. This may have various security impacts. We will update this BID pending further investigation. \nUPDATE (December, 18, 2008): Reports indicate that this issue may affect additional, unspecified Java Virtual Machine (JVM) implementations distributed by Sun, HP, IBM, Apple, and Apache. We will update this BID as more information becomes available. \nUPDATE (January 9, 2009): This BID previously documented an issue in Apache Tomcat. Further reports indicate that the underlying issue is in various Java runtime implementations. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01650939\nVersion: 1\n\nHPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. 
\n\nRelease Date: 2009-02-02\nLast Updated: 2009-02-02\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. 
\nThe upgrades are available from the following location: \nURL: http://software.hp.com \n\nNote: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 \nand HP-UX Tomcat-based Servlet Engine 5.5.27.01.01 \n\nHP-UX Release - B.11.23 and B.11.31 PA-32\nApache Depot name - HPUXWSATW-B302-32.depot\n \nHP-UX Release - B.11.23 and B.11.31 IA-64\nApache Depot name - HPUXWSATW-B302-64.depot\n \nHP-UX Release - B.11.11 PA-32\nApache Depot name - HPUXWSATW-B222-1111.depot\n \n\nMANUAL ACTIONS: Yes - Update \n\nInstall Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. 
\n\nAFFECTED VERSIONS \n\nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \nhpuxwsWEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 2 February 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. 
\n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. 
\n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\u00a9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBSYhX8+AfOvwtKn1ZEQJxcACeJa8lt5TkhV5qnaGRTaBh4kqHutgAoJbH\nXCe08aGCzEZj/q4n91JQnhq6\n=XImF\n-----END PGP SIGNATURE-----\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCVE-2008-2938: Apache Tomcat information disclosure vulnerability - Update 2\n\nSeverity: Important\n\nVendor:\nMultiple (was The Apache Software Foundation)\n\nVersions Affected:\nVarious\n\nDescription (new information):\nThis vulnerability was originally reported to the Apache Software Foundation as\na Tomcat vulnerability. Investigations quickly identified that the root cause\nwas an issue with the UTF-8 charset implementation within the JVM. \n\nIt was decided to continue to report this as a Tomcat vulnerability until such\ntime as the JVM vendors had released fixed versions. \n\nUnfortunately, the release of fixed JVMs and associated vulnerability disclosure\nhas not been co-ordinated. There has been some confusion within the user\ncommunity as to the nature and root cause of CVE-2008-2938. \n\nMitigation:\nContact your JVM vendor for further information. \nTomcat users may upgrade as follows to a Tomcat version that contains a workaround:\n6.0.x users should upgrade to 6.0.18\n5.5.x users should upgrade to 5.5.27\n4.1.x users should upgrade to 4.1.39\n\nCredit:\nThis additional information was discovered by the Apache security\nteam. This release updates Tomcat to 5.5.27\nwhich patches several security vulnerabilities. 
\n\n\nAffected Products\n=================\nThe WiKID Strong Authentication Server - Enterprise Edition\nThe WiKID Strong Authentication Server - Community Edition\n\nReferences\n==========\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n\nMitigation\n==========\n\nCommercial users may download the most recent RPMs from the website:\nhttp://www.wikidsystems.com/downloads/\n\nUsers of the open source community version may download packages from\nSourceforge:\nhttps://sourceforge.net/project/showfiles.php?group_id=144774\n\n\n\n- --\nNick Owen\nWiKID Systems, Inc. \n404-962-8983 (desk)\nhttp://www.wikidsystems.com\nTwo-factor authentication, without the hassle factor. \n \n A cross-site scripting vulnerability was found in the\n HttpServletResponse.sendError() method which could allow a remote\n attacker to inject arbitrary web script or HTML via forged HTTP headers\n (CVE-2008-1232). \n \n A cross-site scripting vulnerability was found in the host manager\n application that could allow a remote attacker to inject arbitrary\n web script or HTML via the hostname parameter (CVE-2008-1947). \n \n The updated packages have been patched to correct these issues. 
\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 
d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 
8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. 
The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8\nj+sCdAEJN0CXvurmFcjUvNU=\n=+kFf\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. In these\nconfigurations arbitrary files in the docBase for an application,\nincluding files such as web.xml, may be disclosed. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\nFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. 
\nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Secure Network - Security Research Advisory\n\nVuln name: ToutVirtual VirtualIQ Pro Multiple Vulnerabilities\nSystems affected: ToutVirtual VirtualIQ Professional 3.2 build 7882\nSystems not affected: --\nSeverity: High\nLocal/Remote: Remote\nVendor URL: http://www.toutvirtual.com\nAuthor(s): Alberto Trivero (a.trivero@securenetwork.it) \nClaudio Criscione (c.criscione@securenetwork.it)\nVendor disclosure: 02/07/2009\nVendor acknowledged: 16/07/2009\nVendor patch release: notified us on 06/11/2009\nPublic disclosure: 07/11/2009\nAdvisory number: SN-2009-02\nAdvisory URL: http://www.securenetwork.it/advisories/sn-2009-02.txt\n\n\n*** SUMMARY ***\n\nToutVirtual\u0027s VirtualIQ Pro is specifically designed for IT administrators \nresponsible for managing virtual platforms. VirtualIQ Pro provides\n Visibility, Analytics and policy-based Optimization - all from one single\nconsole. 
VirtualIQ Pro is hypervisor-agnostic supporting both Type I and Type \nII hypervisors. VirtualIQ Pro can be used to visualize, analyze and \noptimize your choice of virtualization platform - Citrix, Microsoft,\nNovell, Oracle and/or VMware. \n\nMultiple vulnerabilities has been found which a allow an attacker to conduct \nvarious XSS and CSRF attack, and other attacks due to the use \nof an old an not hardened version of the web server. \n\n\n*** VULNERABILITY DETAILS ***\n\n(a) Cross-site scripting (XSS)\n\nDue to an improper sanitization of user\u0027s input, multiple XSS attacks \n(reflective and stored) are possible. \nReflective PoCs:\n\nhttp://server:9080/tvserver/server/user/setPermissions.jsp?userId=1\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0026amp;resultResourceIds=111-222-1933email@address.tst \n\nhttp://server:9080/tvserver/server/user/addDepartment.jsp?addNewDept=0\u0026amp;deptName=%22;alert(1);//\u0026amp;deptId=1\u0026amp;deptDesc=asd\n\nhttp://server:9080/tvserver/server/inventory/inventoryTabs.jsp?ID=1;alert(1);//\n\nhttp://server:9080/tvserver/reports/virtualIQAdminReports.do?command=getFilter\u0026amp;reportName=%22%3E%3Cscript%3Ealert(1)%3C/script%3E\n\nStored XSS attacks can be triggered in the \"Middle Name\" parameter in the \n\"Edit Profile\" page with an HTTP request like the following:\n\nPOST /tvserver/user/user.do?command=save\u0026userId=1 HTTP/1.1\nHost: server:9080\nCookies: JSESSIONID=[...]\n\nuserName=IQMANAGER\u0026firstName=IQ\u0026middleName=asd\u0027; \nalert(document.cookie);//\u0026lastName=MANAGER\u0026email=user%40domain.it\u0026password=********\u0026retypePassword=********\u0026redirect=null\u0026passwordModifed=false\u0026isReportUser=false\u0026roleId=1\u0026supervisorId=1\u0026departmentId=1\u0026locationId=1\n\n\n(b) Cross-site request forgery (CSRF)\n\nAn attacker can perform different types of CSRF attacks against a logged user. 
\nHe can, for example, shutdown, start or restart an arbitrary\nvirtual machine, schedule new activities and so on. \n\nThe following HTTP request, if forged by the attacker and executed by the \nvictim while logged on VirtualIQ, creates an arbitrary user:\n\nPOST /tvserver/user/user.do?command=save\u0026userId= HTTP/1.1\nHost: server:9080\nCookie: JSESSIONID=[...]\n\nuserName=asd1\u0026firstName=asd2\u0026middleName=asd3\u0026lastName=asd4\u0026email=asd5%40asd.com\u0026password=asd6\u0026retypePassword=asd6\u0026redirect=null\u0026passwordModifed=false\u0026isReportUser=false\u0026roleId=1\u0026supervisorId=1\u0026departmentId=1\u0026locationId=1\n\n\n(c) Web server vulnerabilities\n\nVirtualIQ runs on top of an old version of Apache Tomcat: 5.5.9, for which \nmultiple public vulnerabilities have been released. As a \nPoC, a directory traversal attack (CVE-2008-2938) \ncan be performed as:\n\nhttp://server:9080/tvserver/server/%C0%AE%C0%AE/WEB-INF/web.xml\n\nListing of an arbitrary directory (CVE-2006-3835) can also be obtained with \nthe following PoC:\n\nhttp://192.168.229.85:9080/tvserver/server/;index.jsp\n\n\n(d) Information Leakage\n\nTomcat status page should be disabled or restricted, being accessible at:\n\nhttp://status:9080/status\n\nUsername and password to access a VM through SSH are also available in clear \ntext in the configuration page. \nSince an XSS vulnerability can also be triggered in the same page, an attacker \nwould also be able to easily capture the full credentials to access \nthe VM with a specially crafted XSS payload. \n\n\n*** FIX INFORMATION ***\n\nUpgrade to the latest version, at the moment 3.5 build 10.14.2009\n\n*** WORKAROUNDS ***\n\n--\n\n\n*********************\n*** LEGAL NOTICES ***\n*********************\n\nSecure Network (www.securenetwork.it) is an information security company, \nwhich provides consulting and training services, and engages in security \nresearch and development. 
\n\nWe are committed to open, full disclosure of vulnerabilities, cooperating\nwhenever possible with software developers for properly handling disclosure. \n\nThis advisory is copyright 2009 Secure Network S.r.l. Permission is \nhereby granted for the redistribution of this alert, provided that it is\nnot altered except by reformatting it, and that due credit is given. It \nmay not be edited in any way without the express consent of Secure Network \nS.r.l. Permission is explicitly given for insertion in vulnerability \ndatabases and similars, provided that due credit is given to Secure Network. This information is\nprovided as-is, as a free service to the community by Secure Network \nresearch staff. There are no warranties with regard to this information. \nSecure Network does not accept any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\nIf you have any comments or inquiries, or any issue with what is reported \nin this advisory, please inform us as soon as possible. \n\nE-mail: securenetwork@securenetwork.it\nGPG/PGP key: http://www.securenetwork.it/pgpkeys/Secure%20Network.asc\nPhone: +39 02 24 12 67 88\n\n-- \nClaudio Criscione\n\nSecure Network S.r.l. 
\nVia Venezia, 23 - 20099 Sesto San Giovanni (MI) - Italia\nTel: +39 02.24126788 Mob: +39 392 3389178\nemail: c.criscione@securenetwork.it\nweb: www.securenetwork.it\n", "sources": [ { "db": "NVD", "id": "CVE-2008-2938" }, { "db": "CERT/CC", "id": "VU#343355" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "JVNDB", "id": "JVNDB-2008-001611" }, { "db": "BID", "id": "30633" }, { "db": "VULMON", "id": "CVE-2008-2938" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "73193" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "69819" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "PACKETSTORM", "id": "82649" } ], "trust": 4.05 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=6229", "trust": 0.2, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-2938" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-2938", "trust": 3.4 }, { "db": "CERT/CC", "id": "VU#343355", "trust": 2.8 }, { "db": "BID", "id": "30633", "trust": 2.8 }, { "db": "SECTRACK", "id": "1020665", "trust": 2.5 }, { "db": "BID", "id": "31681", "trust": 1.7 }, { "db": "SECUNIA", "id": "31639", "trust": 1.7 }, { "db": "SECUNIA", "id": "31891", "trust": 1.7 }, { "db": "SECUNIA", "id": "31982", "trust": 1.7 }, { "db": "SECUNIA", "id": "33797", "trust": 1.7 }, { "db": "SECUNIA", "id": "32222", "trust": 1.7 }, { "db": "SECUNIA", "id": "32120", "trust": 1.7 }, { "db": "SECUNIA", "id": "31865", "trust": 1.7 
}, { "db": "SECUNIA", "id": "32266", "trust": 1.7 }, { "db": "SECUNIA", "id": "37297", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2343", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2823", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2780", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-0320", "trust": 1.7 }, { "db": "SREASON", "id": "4148", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "6229", "trust": 1.7 }, { "db": "SECUNIA", "id": "15884", "trust": 0.9 }, { "db": "SECUNIA", "id": "15810", "trust": 0.8 }, { "db": "SECUNIA", "id": "15922", "trust": 0.8 }, { "db": "SECUNIA", "id": "15852", "trust": 0.8 }, { "db": "SECUNIA", "id": "15855", "trust": 0.8 }, { "db": "SECUNIA", "id": "15861", "trust": 0.8 }, { "db": "SECUNIA", "id": "15862", "trust": 0.8 }, { "db": "SECUNIA", "id": "15872", "trust": 0.8 }, { "db": "SECUNIA", "id": "15883", "trust": 0.8 }, { "db": "SECUNIA", "id": "15895", "trust": 0.8 }, { "db": "BID", "id": "14088", "trust": 0.8 }, { "db": "SECTRACK", "id": "1014327", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#442845", "trust": 0.8 }, { "db": "XF", "id": "44411", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2008-001611", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200808-165", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2008-2938", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "74633", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "73193", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "70055", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "69700", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "69819", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "38390", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82649", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#343355" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2938" }, { "db": "BID", "id": "30633" }, { "db": "JVNDB", "id": "JVNDB-2008-001611" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "73193" }, { "db": "PACKETSTORM", 
"id": "70055" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "69819" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "PACKETSTORM", "id": "82649" }, { "db": "CNNVD", "id": "CNNVD-200808-165" }, { "db": "NVD", "id": "CVE-2008-2938" } ] }, "id": "VAR-200808-0154", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-29T19:25:11.720000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache Tomcat 5.5.SVN", "trust": 0.8, "url": "http://tomcat.apache.org/security-5.html" }, { "title": "Fixed in Apache Tomcat 6.0.18", "trust": 0.8, "url": "http://tomcat.apache.org/security-6.html" }, { "title": "Fixed in Apache Tomcat 4.1.SVN", "trust": 0.8, "url": "http://tomcat.apache.org/security-4.html" }, { "title": "HT3216", "trust": 0.8, "url": "http://support.apple.com/kb/HT3216" }, { "title": "HT3216", "trust": 0.8, "url": "http://support.apple.com/kb/HT3216?viewlocale=ja_JP" }, { "title": "tomcat5-5.5.23-0jpp.7.1.1AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=156" }, { "title": "HPSBUX02401", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01650939" }, { "title": "NV09-013", "trust": 0.8, "url": "http://www.nec.co.jp/security-info/secinfo/nv09-013.html" }, { "title": "RHSA-2008:0648", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0648.html" }, { "title": "Multiple vulnerabilities in Oracle Java Web Console", "trust": 0.8, "url": 
"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1" }, { "title": "interstage_as_201003", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201003.html" }, { "title": "Red Hat: Important: jbossweb security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080877 - Security Advisory" }, { "title": "Red Hat: Important: tomcat security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080864 - Security Advisory" }, { "title": "Red Hat: Low: tomcat security update for Red Hat Network Satellite Server", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20081007 - Security Advisory" }, { "title": "Red Hat: Important: tomcat security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080862 - Security Advisory" }, { "title": "Offensive", "trust": 0.1, "url": "https://github.com/Naramsim/Offensive " }, { "title": "", "trust": 0.1, "url": "https://github.com/CVEDB/PoC-List " } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-2938" }, { "db": "JVNDB", "id": "JVNDB-2008-001611" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001611" }, { "db": "NVD", "id": "CVE-2008-2938" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://www.securityfocus.com/bid/30633" }, { "trust": 
2.3, "url": "http://www.securityfocus.com/bid/31681" }, { "trust": 2.1, "url": "http://www.kb.cert.org/vuls/id/343355" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-6.html" }, { "trust": 2.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-401.htm" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0648.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31639" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1020665" }, { "trust": 1.7, "url": "http://tomcat.apache.org/security-4.html" }, { "trust": 1.7, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:188" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00859.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31891" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00889.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31865" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00712.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0862.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0864.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht3216" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32222" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/4148" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31982" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33797" }, { "trust": 
1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32120" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32266" }, { "trust": 1.7, "url": "http://www.securenetwork.it/ricerca/advisory/download/sn-2009-02.txt" }, { "trust": 1.7, "url": "http://secunia.com/advisories/37297" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/0320" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2823" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2343" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2780" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44411" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/6229" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10587" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/495318/100/0/threaded" }, { "trust": 1.7, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.7, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.7, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2938" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15884/" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15852/" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { 
"trust": 0.8, "url": "http://www.hardened-php.net/advisory-022005.php" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15861/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15862/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15895/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15883/" }, { "trust": 0.8, "url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15855/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15810/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15872/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15922/" }, { "trust": 0.8, "url": "http://securitytracker.com/alerts/2005/jun/1014327.html" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/14088" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2008/2343" }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/44411" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2938" }, { "trust": 0.8, "url": "http://securitytracker.com/id?1020665" }, { "trust": 0.6, "url": "/archive/1/496168" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2938" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.3, "url": "http://tomcat.apache.org/" }, { 
"trust": 0.3, "url": "http://java.sun.com/javase/6/webnotes/6u11.html" }, { "trust": 0.3, "url": "http://harmony.apache.org/" }, { "trust": 0.3, "url": "http://www.redhat.com/docs/en-us/jboss_enterprise_application_platform/4.2.0.cp04/html-single/readme/index.html" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1" }, { "trust": 0.3, "url": "http://openjdk.java.net/" }, { "trust": 0.3, "url": "msg://bugtraq/8ba534860901192056k63dc5e78j5555f5f09997eabf@mail.gmail.com" }, { "trust": 0.3, "url": "https://sourceforge.net/project/shownotes.php?release_id=626903\u0026group_id=144774" }, { "trust": 0.3, "url": "http://download.novell.com/download?buildid=n5vszfht1vs" }, { "trust": 0.3, "url": "/archive/1/495318" }, { "trust": 0.3, "url": "/archive/1/499926" }, { "trust": 0.3, "url": "msg://bugtraq/494a7e59.80909@apache.org" }, { "trust": 0.3, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201003e.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0648.html" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7006398" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232" }, { "trust": 0.3, "url": "http://enigmail.mozdev.org" }, { "trust": 0.2, "url": "http://tomcat.apache.org/security.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1947" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1232" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5342" }, { "trust": 0.2, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5342" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2370" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2008:0877" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=16434" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/naramsim/offensive" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/6229/" }, { "trust": 0.1, "url": "http://software.hp.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6286" }, { "trust": 0.1, "url": "http://www.wikidsystems.com" }, { "trust": 0.1, "url": "https://sourceforge.net/project/showfiles.php?group_id=144774" }, { "trust": 0.1, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461" }, { "trust": 0.1, "url": "http://www.wikidsystems.com/downloads/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=681065" }, { "trust": 0.1, "url": "http://www.target.com/contextpath/%c0%ae%c0%ae/web-inf/web.xml" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/4577/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://sourceforge.net/project/showfiles.php?group_id=36679" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://server:9080/tvserver/server/inventory/inventorytabs.jsp?id=1;alert(1);//" }, { "trust": 0.1, "url": "http://server:9080/tvserver/reports/virtualiqadminreports.do?command=getfilter\u0026amp;reportname=%22%3e%3cscript%3ealert(1)%3c/script%3e" }, { "trust": 0.1, "url": "http://server:9080/tvserver/server/%c0%ae%c0%ae/web-inf/web.xml" }, { "trust": 0.1, "url": "http://status:9080/status" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3835" }, { "trust": 0.1, "url": "http://www.securenetwork.it/pgpkeys/secure%20network.asc" }, { "trust": 0.1, "url": "http://www.toutvirtual.com" }, { "trust": 0.1, "url": "http://server:9080/tvserver/server/user/setpermissions.jsp?userid=1\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0026amp;resultresourceids=111-222-1933email@address.tst" }, { "trust": 0.1, "url": "http://192.168.229.85:9080/tvserver/server/;index.jsp" }, { "trust": 0.1, "url": "http://server:9080/web-console/" }, { "trust": 0.1, "url": "https://www.securenetwork.it)" }, { "trust": 0.1, "url": 
"http://server:9080/tvserver/server/user/adddepartment.jsp?addnewdept=0\u0026amp;deptname=%22;alert(1);//\u0026amp;deptid=1\u0026amp;deptdesc=asd" }, { "trust": 0.1, "url": "http://server:9080/jmx-console/" }, { "trust": 0.1, "url": "http://www.securenetwork.it/advisories/sn-2009-02.txt" } ], "sources": [ { "db": "CERT/CC", "id": "VU#343355" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2938" }, { "db": "BID", "id": "30633" }, { "db": "JVNDB", "id": "JVNDB-2008-001611" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "73193" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "69819" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "PACKETSTORM", "id": "82649" }, { "db": "CNNVD", "id": "CNNVD-200808-165" }, { "db": "NVD", "id": "CVE-2008-2938" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#343355" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2938" }, { "db": "BID", "id": "30633" }, { "db": "JVNDB", "id": "JVNDB-2008-001611" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "73193" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "69819" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "PACKETSTORM", "id": "82649" }, { "db": "CNNVD", "id": "CNNVD-200808-165" }, { "db": "NVD", "id": "CVE-2008-2938" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-08-19T00:00:00", "db": "CERT/CC", "id": "VU#343355" }, { "date": "2005-07-06T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2008-08-13T00:00:00", "db": "VULMON", "id": "CVE-2008-2938" }, { "date": "2008-08-11T00:00:00", "db": "BID", "id": "30633" 
}, { "date": "2008-09-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001611" }, { "date": "2009-02-04T18:45:10", "db": "PACKETSTORM", "id": "74633" }, { "date": "2008-12-22T04:48:14", "db": "PACKETSTORM", "id": "73193" }, { "date": "2008-09-17T15:13:40", "db": "PACKETSTORM", "id": "70055" }, { "date": "2008-09-06T00:23:13", "db": "PACKETSTORM", "id": "69700" }, { "date": "2008-09-10T16:29:31", "db": "PACKETSTORM", "id": "69819" }, { "date": "2005-07-01T23:31:00", "db": "PACKETSTORM", "id": "38390" }, { "date": "2009-11-17T00:59:14", "db": "PACKETSTORM", "id": "82649" }, { "date": "2007-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-165" }, { "date": "2008-08-13T00:41:00", "db": "NVD", "id": "CVE-2008-2938" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-08-19T00:00:00", "db": "CERT/CC", "id": "VU#343355" }, { "date": "2007-03-09T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2023-02-13T00:00:00", "db": "VULMON", "id": "CVE-2008-2938" }, { "date": "2015-04-13T22:13:00", "db": "BID", "id": "30633" }, { "date": "2012-09-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001611" }, { "date": "2023-05-06T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-165" }, { "date": "2024-11-21T00:48:03.483000", "db": "NVD", "id": "CVE-2008-2938" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-165" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Tomcat UTF8 Directory Traversal Vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#343355" } ], "trust": 0.8 }, 
"type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-165" } ], "trust": 0.6 } }
var-200802-0064
Vulnerability from variot
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. A vulnerability exists in the legacy version of the mod_jk2 Apache module. If successfully exploited, the vulnerability may allow an attacker to run arbitrary code on an affected system. Interstage Application Server contains a buffer overflow vulnerability. A third party may execute arbitrary code. Apache mod_jk2 is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. Successful exploits may allow attackers to execute arbitrary code in the context of a vulnerable application; failed attempts will likely cause denial-of-service conditions. Versions prior to mod_jk2 2.0.4 are vulnerable. NOTE: mod_jk2 is a legacy branch of mod_jk that is now deprecated; mod_jk is a currently supported module and is reportedly unaffected by these issues.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200802-0064", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "big-ip", "scope": "eq", "trust": 1.6, "vendor": "f5", "version": "9.2.3.30" }, { "model": "mod jk", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0" }, { "model": "mod jk", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": 
"2.0.3_dev" }, { "model": "mod jk", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.2" }, { "model": "mod jk", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.1" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache http server", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "interstage business application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": 
"fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage 
application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "bigip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.2.3.30" }, { "model": "software foundation mod jk2", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "software foundation mod jk2", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "software foundation mod jk2", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "software foundation mod jk2 2.0.3-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "software foundation mod jk2", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.0.4" } ], "sources": [ { "db": "CERT/CC", "id": "VU#771937" }, { "db": "BID", "id": "27752" }, { "db": "JVNDB", "id": "JVNDB-2008-002490" }, { "db": "CNNVD", "id": "CNNVD-200802-324" }, { "db": "NVD", "id": "CVE-2007-6258" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", 
"vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-002490" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IOActive Security discovered these issues.", "sources": [ { "db": "BID", "id": "27752" }, { "db": "CNNVD", "id": "CNNVD-200802-324" } ], "trust": 0.9 }, "cve": "CVE-2007-6258", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2007-6258", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", 
"accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-29620", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-6258", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#771937", "trust": 0.8, "value": "4.80" }, { "author": "NVD", "id": "CVE-2007-6258", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200802-324", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-29620", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#771937" }, { "db": "VULHUB", "id": "VHN-29620" }, { "db": "JVNDB", "id": "JVNDB-2008-002490" }, { "db": "CNNVD", "id": "CNNVD-200802-324" }, { "db": "NVD", "id": "CVE-2007-6258" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. A vulnerability exists in the legacy version of the mod_jk2 Apache module. If successfully exploited, the vulnerability may allow an attacker to run arbitrary code on affected system. Interstage Application Server Contains a buffer overflow vulnerability.A third party may execute arbitrary code. Apache mod_jk2 is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. 
\nSuccessful exploits may allow attackers to execute arbitrary code in the context of a vulnerable application; failed attempts will likely cause denial-of-service conditions. \nVersions prior to mod_jk2 2.0.4 are vulnerable. \nNOTE: mod_jk2 is a legacy branch of mod_jk that is now deprecated; mod_jk is a currently supported module and is reportedly unaffected by these issues", "sources": [ { "db": "NVD", "id": "CVE-2007-6258" }, { "db": "CERT/CC", "id": "VU#771937" }, { "db": "JVNDB", "id": "JVNDB-2008-002490" }, { "db": "BID", "id": "27752" }, { "db": "VULHUB", "id": "VHN-29620" } ], "trust": 2.7 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-29620", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-29620" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#771937", "trust": 3.3 }, { "db": "NVD", "id": "CVE-2007-6258", "trust": 2.8 }, { "db": "BID", "id": "27752", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2008-0572", "trust": 2.5 }, { "db": "EXPLOIT-DB", "id": "5330", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "5386", "trust": 1.7 }, { "db": "SREASON", "id": "3661", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2008-002490", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200802-324", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-29620", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#771937" }, { "db": "VULHUB", "id": "VHN-29620" }, { "db": "BID", "id": "27752" }, { "db": "JVNDB", "id": "JVNDB-2008-002490" }, { "db": "CNNVD", "id": 
"CNNVD-200802-324" }, { "db": "NVD", "id": "CVE-2007-6258" } ] }, "id": "VAR-200802-0064", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-29620" } ], "trust": 0.34551522199999996 }, "last_update_date": "2024-11-23T22:03:42.080000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "interstage_as_201004", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201004.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-002490" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-29620" }, { "db": "JVNDB", "id": "JVNDB-2008-002490" }, { "db": "NVD", "id": "CVE-2007-6258" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.ioactive.com/vulnerabilities/mod_jk2legacybufferoverflowadvisory.pdf" }, { "trust": 2.5, "url": "http://www.securityfocus.com/bid/27752" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/771937" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2008/0572" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/487983/100/100/threaded" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/5330" }, { "trust": 1.7, 
"url": "https://www.exploit-db.com/exploits/5386" }, { "trust": 1.7, "url": "http://www.ioactive.com/pdfs/mod_jk2.pdf" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/3661" }, { "trust": 0.8, "url": "http://today.java.net/pub/n/mod_jk22.0.4" }, { "trust": 0.8, "url": "http://www.w3.org/protocols/rfc2616/rfc2616.html" }, { "trust": 0.8, "url": "http://www.jmarshall.com/easy/http/#http1.1c1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6258" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6258" }, { "trust": 0.3, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201004e.html" }, { "trust": 0.3, "url": "http://tomcat.apache.org/download-connectors.cgi" }, { "trust": 0.3, "url": "/archive/1/487983" } ], "sources": [ { "db": "CERT/CC", "id": "VU#771937" }, { "db": "VULHUB", "id": "VHN-29620" }, { "db": "BID", "id": "27752" }, { "db": "JVNDB", "id": "JVNDB-2008-002490" }, { "db": "CNNVD", "id": "CNNVD-200802-324" }, { "db": "NVD", "id": "CVE-2007-6258" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#771937" }, { "db": "VULHUB", "id": "VHN-29620" }, { "db": "BID", "id": "27752" }, { "db": "JVNDB", "id": "JVNDB-2008-002490" }, { "db": "CNNVD", "id": "CNNVD-200802-324" }, { "db": "NVD", "id": "CVE-2007-6258" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-02-14T00:00:00", "db": "CERT/CC", "id": "VU#771937" }, { "date": "2008-02-19T00:00:00", "db": "VULHUB", "id": "VHN-29620" }, { "date": "2008-02-12T00:00:00", "db": "BID", "id": "27752" }, { "date": "2010-11-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-002490" }, { "date": "2008-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200802-324" }, { "date": 
"2008-02-19T00:00:00", "db": "NVD", "id": "CVE-2007-6258" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-04-29T00:00:00", "db": "CERT/CC", "id": "VU#771937" }, { "date": "2018-10-15T00:00:00", "db": "VULHUB", "id": "VHN-29620" }, { "date": "2010-10-27T11:38:00", "db": "BID", "id": "27752" }, { "date": "2010-11-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-002490" }, { "date": "2022-02-10T00:00:00", "db": "CNNVD", "id": "CNNVD-200802-324" }, { "date": "2024-11-21T00:39:43.290000", "db": "NVD", "id": "CVE-2007-6258" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200802-324" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache mod_jk2 host header buffer overflow", "sources": [ { "db": "CERT/CC", "id": "VU#771937" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200802-324" } ], "trust": 0.6 } }
var-200703-0007
Vulnerability from variot
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. Because the two components disagree on what counts as a path separator, the front-end proxy passes such a path through without treating it as a traversal, and Tomcat then resolves it. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data. Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks. Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. Note that this vulnerability can only be exploited when using Apache proxy modules like mod_proxy, mod_rewrite or mod_jk.
Workaround
There is no known workaround at this time.
Resolution
All Tomcat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-5.5.22"
References
[ 1 ] CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200705-03.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Impact: Refer to the CVE identifiers for details.
Summary: Multiple security risks exist in Apache Tomcat as included with CA Cohesion Application Configuration Manager. CA has issued an update to address the vulnerabilities. Refer to the References section for the full list of resolved issues by CVE identifier.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a Medium risk rating.
Affected Products: CA Cohesion Application Configuration Manager 4.5
Non-Affected Products CA Cohesion Application Configuration Manager 4.5 SP1
Affected Platforms: Windows
Status and Recommendation: CA has issued the following update to address the vulnerabilities.
CA Cohesion Application Configuration Manager 4.5:
RO04648 https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO04648
How to determine if you are affected:
- Using Windows Explorer, locate the file "RELEASE-NOTES".
- By default, the file is located in the "C:\Program Files\CA\Cohesion\Server\server\" directory.
- Open the file with a text editor.
- If the version is less than 5.5.25, the installation is vulnerable.
Workaround: None
References (URLs may wrap):
CA Support: http://support.ca.com/
CA20090123-01: Security Notice for Cohesion Tomcat https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
Solution Document Reference APARs: RO04648
CA Security Response Blog posting: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
Reported By: n/a
CVE References:
CVE-2005-2090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
CVE-2005-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510
CVE-2006-3835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835
CVE-2006-7195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
CVE-2006-7196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196
CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
CVE-2007-1355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355
CVE-2007-1358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358
CVE-2007-1858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858
CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449
CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450
CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
CVE-2007-3385 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386
CVE-2008-0128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
*Note: the issue was not completely fixed by Tomcat maintainers.
OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release v1.1 - Updated Impact, Summary, Affected Products
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01178795 Version: 1
HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-02 Last Updated: 2007-10-02
Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.
References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache
BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
For IPv4:
HP-UX B.11.11
=============
hpuxwsAPACHE
action: install revision A.2.0.59.00 or subsequent
restart Apache
URL: https://www.hp.com/go/softwaredepot/
For IPv6:
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
=============
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
hpuxwsAPACHE,revision=B.2.0.55.00
hpuxwsAPACHE,revision=B.2.0.56.00
hpuxwsAPACHE,revision=B.2.0.58.00
hpuxwsAPACHE,revision=B.2.0.58.01
action: install revision B.2.0.59.00 or subsequent
restart Apache
URL: https://www.hp.com/go/softwaredepot/
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. The update is available on https://www.hp.com/go/softwaredepot/ Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00.
MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- .
Multiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications allow remote authenticated users to inject arbitrary web script or HTML (CVE-2007-2450).
Tomcat treated single quotes as delimiters in cookies, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3382).
Tomcat did not properly handle the \" character sequence in a cookie value, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3385).
A cross-site scripting vulnerability in the Host Manager servlet allowed remote attackers to inject arbitrary HTML and web script via crafted attacks (CVE-2007-3386).
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
Updated Packages:
Mandriva Linux 2007.1: 2eaba952d2699868ef76ca11dc7743e2 2007.1/i586/tomcat5-5.5.17-6.2.4.1mdv2007.1.i586.rpm 037b18dda99d06be0b77f35964257902 2007.1/i586/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm d9e6c355370c0e3f9aebc7ba0edd99d5 2007.1/i586/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm fcb4fa36ea0926a0fbd92d1f9c9d9671 2007.1/i586/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.i586.rpm fedd1a27a4f46d0d793c3ceb21a57246 2007.1/i586/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm ab5985c840c14c812b3e72dae54407f0 2007.1/i586/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm 6266395d78af5f64ce7a150b9175fab7 2007.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm 08335caaa65e97003aa67d465ce60ae1 2007.1/i586/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm 3a4f5995900419c7354804ae0dc548b6 2007.1/i586/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm 0c27ba521cee0d06627f121df3a138c9 2007.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm 07537a59d8549f412dc4c9a783f41177 2007.1/i586/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: aea539336fa58a995ae1411fe61934c2 2007.1/x86_64/tomcat5-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 0225750a0d4ef032915783d0b29c1504 2007.1/x86_64/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 8223d038509a71f537f537909e9ef863 2007.1/x86_64/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm dedd59d873c5bb4e608b1328595f2d98 2007.1/x86_64/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm c0ef0eda05488b8b571e6700a9365ea3 2007.1/x86_64/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 95dae961b82630d633fc3419383dbe4b 2007.1/x86_64/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 41378a0106da001d545681c185b2f5c3 2007.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 5448b57b7667414c12aabb1da5e528fa 2007.1/x86_64/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 9a277ae64587b81f61e8c118ba4d4571 2007.1/x86_64/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 1be4b0eea59741ef7efb0f51f97e19c7 2007.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm d3965a643dbdc8e685ff4b5861877254 2007.1/x86_64/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm
Mandriva Linux 2008.0: 828e35db12f9dab3a5e63c475c289f88 2008.0/i586/tomcat5-5.5.23-9.2.10.1mdv2008.0.i586.rpm 5e98b01f16f8213db5e842dcb47e4e8b 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm fd483503d3f313775be4c098858a4e0d 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm 23dffdf05e1c50d5cfea045552c8f3bb 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.i586.rpm 3da9fcc0e4c0c8366b676e0770b8fe7c 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm 03222fbcf7fad63aa6920d5d4ee55ee2 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm 566362e78e6dd5f853b616204453aa0d 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm fd00fd2a4faa567523ba9ce959ad1efa 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm 8a8c1b69636876ac31b0968edce82d3f 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm 85d0641840725e728f18cc86925d1923 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm 3e62b31a3fce47b8d7e2de2ecc7eb29d 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: a44ed55a6a2943e5ba39ea6473a2af27 2008.0/x86_64/tomcat5-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 292e2c0a822a736fe85c498c17bb09c6 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm c8ee3862233f323278d0b97a3f07a74d 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 0c944fe5d8725da8fd4e57e89539fa21 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm bcbb50b5978295bd40ec24212ca77a8a 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 472c0a30c7ad74c0cb63da51142de438 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 10c6da9615553dc07e2f59d226f30a1d 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 53eba8a64c428e6e2a14e59095f958b4 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 8c6849bcca11457dffd03aa9c9e9a35f 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm b5b42989963c31f79a997c9c18ed4cb4 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 667a7b6fe2d3bc22ef64d87c2a6b9fe7 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFHXZ68mqjQ0CJFipgRAhO2AKC+AwaCU8LmMtlbmj5Q9HgrOr3PTwCeMZo1 QKCxPSeNSXZPdPEE6c2TDyk= =z6UT -----END PGP SIGNATURE-----
TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE: From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA15852
SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Summary:
Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1.
Relevant releases:
VirtualCenter Management Server 2
ESX Server 3.0.2 without patch ESX-1002434
ESX Server 3.0.1 without patch ESX-1003176
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to these issues.
JRE Security Update
This release of VirtualCenter Server updates the JRE package from 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in the earlier release of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-3004 to this issue.
Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.
Solution:
Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.
VMware VirtualCenter 2.0.2 Update 2 Release Notes http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html
VirtualCenter CD image md5sum d7d98a5d7f8afff32cee848f860d3ba7
VirtualCenter as Zip md5sum 3b42ec350121659e10352ca2d76e212b
ESX Server 3.0.2 http://kb.vmware.com/kb/1002434 md5sum: 2f52251f6ace3d50934344ef313539d5
ESX Server 3.0.1 http://kb.vmware.com/kb/1003176 md5sum: 5674ca0dcfac90726014cc316444996e
- Contact:
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce@lists.vmware.com
- bugtraq@securityfocus.com
- full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0007", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "5.5.22" }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "5.0.0" }, { "model": "tomcat", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": 
"6.0.10" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": null }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "drupal", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "pear xml rpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpxmlrpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "postnuke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "serendipity", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wordpress", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "xoops", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpmyfaq", "version": null }, { "model": "tomcat", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "4.0.6" }, { "model": "tomcat", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "4.1.34" }, { "model": "tomcat", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "5.0.30" }, { "model": "tomcat", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "5.5.21" }, { "model": "tomcat", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "6.0.9" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": 
"cybertrust", "version": "2.1" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "interscan messaging security suite", "scope": "eq", "trust": 0.8, "vendor": "trend micro", "version": "- 7.x" }, { "model": "trendmicro interscan messaging security appliance", "scope": "eq", "trust": 0.8, "vendor": "trend micro", "version": "- 7.x" }, { "model": "trendmicro interscan web security appliance", "scope": "eq", "trust": 0.8, "vendor": "trend micro", "version": "- 3.x" }, { "model": "trendmicro interscan web security suite", "scope": "eq", "trust": 0.8, "vendor": "trend micro", "version": "- 2.x" }, { "model": "trendmicro interscan web security suite", "scope": "eq", "trust": 0.8, "vendor": "trend micro", "version": "- 3.x" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v4.x/v5.x" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard 
edition v4.x/v5.x" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v4.x/v5.x" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "uddi registry v1.1 ~ v2.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v4.x/v5.x" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "5.5.7" }, { "model": "tomcat", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "5.5.5" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "win32" }, { "model": "tomcat", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "5.5.4" }, { "model": "tomcat", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "5.5.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "5.0.28" }, { "model": "tomcat", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "5.5.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "5.0.19" }, { "model": "tomcat", "scope": "eq", "trust": 0.6, "vendor": "apache", 
"version": "5.5.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "5.5.0" }, { "model": "virtualcenter management server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.2" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.1" }, { "model": "linux enterprise server sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "8" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "linux enterprise sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux professional x86 64", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.2" }, { "model": "linux personal x86 64", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.2" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 sparc", 
"scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unitedlinux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1.0" }, { "model": "suse linux standard server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "8.0" }, { "model": "suse linux school server for i386", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "suse linux retail solution", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "8.0" }, { "model": "suse linux openexchange server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "4.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux professional oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux professional x86 64", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux personal oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux personal x86 64", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "linux personal", 
"scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1x86-64" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1x86" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0x86-64" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0x86" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)4.2" }, { "model": "enterprise linux virtualization server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux optional productivity application server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux hardware certification", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop multi os client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux clustering server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux cluster-storage server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "hat red hat network satellite server", "scope": "eq", "trust": 
0.3, "vendor": "red", "version": "5.0" }, { "model": "hat red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4.2" }, { "model": "hat red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4.1" }, { "model": "hat red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4.0" }, { "model": "hat network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "3)4.2" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": 
"8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "interstage application server enterprise edition", "scope": 
"eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "associates cohesion application configuration manager", "scope": "eq", "trust": 0.3, "vendor": "computer", "version": "4.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.9" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.8" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.7" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.6" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.5" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, 
"vendor": "apache", "version": "6.0.4" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.3" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.2" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.1" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.22" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.21" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.20" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.19" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.18" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.17" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.16" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.15" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.14" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.13" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.12" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.11" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.10" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.9" }, { "model": "software foundation tomcat", 
"scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.8" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.7" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.6" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.5" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.4" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.3" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.2" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.1" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.4" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.3" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.2" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.1" }, { "model": "software foundation tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0" }, { "model": "associates cohesion application configuration manager sp1", "scope": "ne", "trust": 0.3, "vendor": "computer", "version": "4.5" }, { "model": "software foundation tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0.10" }, { "model": "software foundation tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "5.5.23" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "BID", "id": "22960" }, { "db": "JVNDB", "id": 
"JVNDB-2007-000217" }, { "db": "CNNVD", "id": "CNNVD-200703-400" }, { "db": "NVD", "id": "CVE-2007-0450" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:tomcat", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_appliance", "vulnerable": true }, { "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_appliance", "vulnerable": true }, { "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": 
"JVNDB-2007-000217" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "David Matscheko", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-400" } ], "trust": 0.6 }, "cve": "CVE-2007-0450", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2007-0450", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-0450", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#442845", "trust": 0.8, "value": "20.75" }, { "author": "NVD", "id": "CVE-2007-0450", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200703-400", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2007-0450", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2007-0450" }, { "db": "JVNDB", "id": "JVNDB-2007-000217" 
}, { "db": "CNNVD", "id": "CNNVD-200703-400" }, { "db": "NVD", "id": "CVE-2007-0450" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. \nExploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks. \nVersions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. Note that this vulnerability can only be exploited when using\napache proxy modules like mod_proxy, mod_rewrite or mod_jk. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Tomcat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-5.5.22\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-0450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200705-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\n\n\nCA Advisory Reference: CA20090123-01\n\n\nCA Advisory Date: 2009-01-23\n\n\nReported By: n/a\n\n\nImpact: Refer to the CVE identifiers for details. \n\n\nSummary: Multiple security risks exist in Apache Tomcat as \nincluded with CA Cohesion Application Configuration Manager. CA \nhas issued an update to address the vulnerabilities. Refer to the \nReferences section for the full list of resolved issues by CVE \nidentifier. \n\n\nMitigating Factors: None\n\n\nSeverity: CA has given these vulnerabilities a Medium risk rating. \n\n\nAffected Products:\nCA Cohesion Application Configuration Manager 4.5\n\n\nNon-Affected Products\nCA Cohesion Application Configuration Manager 4.5 SP1\n\n\nAffected Platforms:\nWindows\n\n\nStatus and Recommendation:\nCA has issued the following update to address the vulnerabilities. 
\n\nCA Cohesion Application Configuration Manager 4.5:\n\nRO04648\nhttps://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search\n\u0026searchID=RO04648\n\n\nHow to determine if you are affected:\n\n1. Using Windows Explorer, locate the file \"RELEASE-NOTES\". \n2. By default, the file is located in the \n \"C:\\Program Files\\CA\\Cohesion\\Server\\server\\\" directory. \n3. Open the file with a text editor. \n4. If the version is less than 5.5.25, the installation is \n vulnerable. \n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nCA20090123-01: Security Notice for Cohesion Tomcat\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975\n40\nSolution Document Reference APARs:\nRO04648\nCA Security Response Blog posting:\nCA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx\nReported By: \nn/a\nCVE References:\nCVE-2005-2090\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090\nCVE-2005-3510\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510\nCVE-2006-3835\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835\nCVE-2006-7195\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195\nCVE-2006-7196\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196\nCVE-2007-0450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\nCVE-2007-1355\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355\nCVE-2007-1358\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358\nCVE-2007-1858\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858\nCVE-2007-2449\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\nCVE-2007-2450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\nCVE-2007-3382\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\nCVE-2007-3385 
*\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\nCVE-2007-3386\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\nCVE-2008-0128\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128\n*Note: the issue was not completely fixed by Tomcat maintainers. \nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\nv1.1 - Updated Impact, Summary, Affected Products\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777\n82\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01178795\nVersion: 1\n\nHPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-02\nLast Updated: 2007-10-02\n\nPotential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code. 
\n\nReferences: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache\n\nBACKGROUND\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended patch or update is installed. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision A.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \n\naction: install revision B.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \nHP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \nThe update is available on https://www.hp.com/go/softwaredepot/ \nNote: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00. 
\n\nMANUAL ACTIONS: Yes - Update \nInstall HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 02 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. 
\nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\u00a9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. 
To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ\nHHoe3AY1sc6hrW3Xk+B1hcbr\n=+E1W\n-----END PGP SIGNATURE-----\n. \n \n Multiple cross-site scripting vulnerabilities in the Manager and Host\n Manager web applications allow remote authenticated users to inject\n arbitrary web script or HTML (CVE-2007-2450). \n \n Tomcat treated single quotes as delimiters in cookies, which could\n cause sensitive information such as session IDs to be leaked and allow\n remote attackers to conduct session hijacking attacks (CVE-2007-3382). \n \n Tomcat did not properly handle the \\\" character sequence in a cookie\n value, which could cause sensitive information such as session IDs\n to be leaked and allow remote attackers to conduct session hijacking\n attacks (CVE-2007-3385). \n \n A cross-site scripting vulnerability in the Host Manager servlet\n allowed remote attackers to inject arbitrary HTML and web script via\n crafted attacks (CVE-2007-3386). \n \n The updated packages have been patched to correct these issues. 
\n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.1:\n 2eaba952d2699868ef76ca11dc7743e2 2007.1/i586/tomcat5-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 037b18dda99d06be0b77f35964257902 2007.1/i586/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n d9e6c355370c0e3f9aebc7ba0edd99d5 2007.1/i586/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n fcb4fa36ea0926a0fbd92d1f9c9d9671 2007.1/i586/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n fedd1a27a4f46d0d793c3ceb21a57246 2007.1/i586/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n ab5985c840c14c812b3e72dae54407f0 2007.1/i586/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 6266395d78af5f64ce7a150b9175fab7 2007.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 08335caaa65e97003aa67d465ce60ae1 2007.1/i586/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 3a4f5995900419c7354804ae0dc548b6 2007.1/i586/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 0c27ba521cee0d06627f121df3a138c9 2007.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 07537a59d8549f412dc4c9a783f41177 2007.1/i586/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm \n b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n aea539336fa58a995ae1411fe61934c2 2007.1/x86_64/tomcat5-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 
0225750a0d4ef032915783d0b29c1504 2007.1/x86_64/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 8223d038509a71f537f537909e9ef863 2007.1/x86_64/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n dedd59d873c5bb4e608b1328595f2d98 2007.1/x86_64/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n c0ef0eda05488b8b571e6700a9365ea3 2007.1/x86_64/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 95dae961b82630d633fc3419383dbe4b 2007.1/x86_64/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 41378a0106da001d545681c185b2f5c3 2007.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 5448b57b7667414c12aabb1da5e528fa 2007.1/x86_64/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 9a277ae64587b81f61e8c118ba4d4571 2007.1/x86_64/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 1be4b0eea59741ef7efb0f51f97e19c7 2007.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n d3965a643dbdc8e685ff4b5861877254 2007.1/x86_64/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm \n b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n 828e35db12f9dab3a5e63c475c289f88 2008.0/i586/tomcat5-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 5e98b01f16f8213db5e842dcb47e4e8b 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n fd483503d3f313775be4c098858a4e0d 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 23dffdf05e1c50d5cfea045552c8f3bb 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 3da9fcc0e4c0c8366b676e0770b8fe7c 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 03222fbcf7fad63aa6920d5d4ee55ee2 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 566362e78e6dd5f853b616204453aa0d 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n fd00fd2a4faa567523ba9ce959ad1efa 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 
8a8c1b69636876ac31b0968edce82d3f 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 85d0641840725e728f18cc86925d1923 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 3e62b31a3fce47b8d7e2de2ecc7eb29d 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm \n 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n a44ed55a6a2943e5ba39ea6473a2af27 2008.0/x86_64/tomcat5-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 292e2c0a822a736fe85c498c17bb09c6 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n c8ee3862233f323278d0b97a3f07a74d 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 0c944fe5d8725da8fd4e57e89539fa21 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n bcbb50b5978295bd40ec24212ca77a8a 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 472c0a30c7ad74c0cb63da51142de438 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 10c6da9615553dc07e2f59d226f30a1d 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 53eba8a64c428e6e2a14e59095f958b4 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 8c6849bcca11457dffd03aa9c9e9a35f 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n b5b42989963c31f79a997c9c18ed4cb4 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 667a7b6fe2d3bc22ef64d87c2a6b9fe7 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm \n 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFHXZ68mqjQ0CJFipgRAhO2AKC+AwaCU8LmMtlbmj5Q9HgrOr3PTwCeMZo1\nQKCxPSeNSXZPdPEE6c2TDyk=\n=z6UT\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 2.0.5. 
\nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Summary:\n\n Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX\n Server 3.0.2, and ESX 3.0.1. Relevant releases:\n\n VirtualCenter Management Server 2\n ESX Server 3.0.2 without patch ESX-1002434\n ESX Server 3.0.1 without patch ESX-1003176\n\n3. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to\n these issues. \n\n JRE Security Update\n This release of VirtualCenter Server updates the JRE package from\n 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in\n the earlier release of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2007-3004 to this issue. \n\n Security best practices provided by VMware recommend that the\n service console be isolated from the VM network. 
Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n VMware VirtualCenter 2.0.2 Update 2 Release Notes\n http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html\n\n VirtualCenter CD image\n md5sum d7d98a5d7f8afff32cee848f860d3ba7\n\n VirtualCenter as Zip\n md5sum 3b42ec350121659e10352ca2d76e212b\n\n ESX Server 3.0.2\n http://kb.vmware.com/kb/1002434\n md5sum: 2f52251f6ace3d50934344ef313539d5\n\n ESX Server 3.0.1\n http://kb.vmware.com/kb/1003176\n md5sum: 5674ca0dcfac90726014cc316444996e\n\n5. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce@lists.vmware.com\n * bugtraq@securityfocus.com\n * full-disclosure@lists.grok.org.uk\n\nE-mail: security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc", "sources": [ { "db": "NVD", "id": "CVE-2007-0450" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "JVNDB", "id": "JVNDB-2007-000217" }, { "db": "BID", "id": "22960" }, { "db": "VULMON", "id": "CVE-2007-0450" }, { "db": "PACKETSTORM", "id": "56411" }, { "db": "PACKETSTORM", "id": "74289" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "61679" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "PACKETSTORM", "id": "62402" } ], "trust": 3.24 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", 
"data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=29739", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-0450" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-0450", "trust": 3.3 }, { "db": "BID", "id": "22960", "trust": 2.8 }, { "db": "SECUNIA", "id": "24732", "trust": 2.5 }, { "db": "SECUNIA", "id": "28365", "trust": 1.7 }, { "db": "SECUNIA", "id": "30899", "trust": 1.7 }, { "db": "SECUNIA", "id": "25106", "trust": 1.7 }, { "db": "SECUNIA", "id": "26235", "trust": 1.7 }, { "db": "SECUNIA", "id": "30908", "trust": 1.7 }, { "db": "SECUNIA", "id": "27037", "trust": 1.7 }, { "db": "SECUNIA", "id": "26660", "trust": 1.7 }, { "db": "SECUNIA", "id": "33668", "trust": 1.7 }, { "db": "SECUNIA", "id": "25280", "trust": 1.7 }, { "db": "SREASON", "id": "2446", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-1979", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3386", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-2732", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-0233", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-0975", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3087", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0065", "trust": 1.7 }, { "db": "BID", "id": "25159", "trust": 1.7 }, { "db": "SECUNIA", "id": "15884", "trust": 0.9 }, { "db": "SECUNIA", "id": "15810", "trust": 0.8 }, { "db": "SECUNIA", "id": "15922", "trust": 0.8 }, { "db": "SECUNIA", "id": "15852", "trust": 0.8 }, { "db": "SECUNIA", "id": "15855", "trust": 0.8 }, { "db": "SECUNIA", "id": "15861", "trust": 0.8 }, { "db": "SECUNIA", "id": "15862", 
"trust": 0.8 }, { "db": "SECUNIA", "id": "15872", "trust": 0.8 }, { "db": "SECUNIA", "id": "15883", "trust": 0.8 }, { "db": "SECUNIA", "id": "15895", "trust": 0.8 }, { "db": "BID", "id": "14088", "trust": 0.8 }, { "db": "SECTRACK", "id": "1014327", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#442845", "trust": 0.8 }, { "db": "XF", "id": "32988", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-000217", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200703-400", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "29739", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2007-0450", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56411", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "74289", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59939", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "61679", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "38390", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62402", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2007-0450" }, { "db": "BID", "id": "22960" }, { "db": "JVNDB", "id": "JVNDB-2007-000217" }, { "db": "PACKETSTORM", "id": "56411" }, { "db": "PACKETSTORM", "id": "74289" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "61679" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "PACKETSTORM", "id": "62402" }, { "db": "CNNVD", "id": "CNNVD-200703-400" }, { "db": "NVD", "id": "CVE-2007-0450" } ] }, "id": "VAR-200703-0007", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-29T22:13:26.674000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
[ { "title": "Fixed in Apache Tomcat 6.0.10", "trust": 0.8, "url": "http://tomcat.apache.org/security-6.html" }, { "title": "Fixed in Apache Tomcat 4.1.36", "trust": 0.8, "url": "http://tomcat.apache.org/security-4.html" }, { "title": "Fixed in Apache Tomcat 5.5.22, 5.0.SVN", "trust": 0.8, "url": "http://tomcat.apache.org/security-5.html" }, { "title": "HPSBUX02262", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01178795" }, { "title": "HPSBUX02262", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02262.html" }, { "title": "tomcat4 (V2.x)", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1168" }, { "title": "NV09-001", "trust": 0.8, "url": "http://www.nec.co.jp/security-info/secinfo/nv09-001.html" }, { "title": "RHSA-2007:0327", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2007-0327.html" }, { "title": "239312", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1" }, { "title": "imss_70_lx32_en_sp1_patch2_readme", "trust": 0.8, "url": "http://www.trendmicro.com/ftp/documentation/readme/imss_70_lx32_en_sp1_patch2_readme.txt" }, { "title": "readme_imss70_lin_sp1_patch1_b3356", "trust": 0.8, "url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/70/readme_imss70_lin_sp1_patch1_b3356.txt" }, { "title": "imss_70_win32_en_sp1_patch2_readme", "trust": 0.8, "url": "http://www.trendmicro.com/ftp/documentation/readme/imss_70_win32_en_sp1_patch2_readme.txt" }, { "title": "readme_imss70_sol_sp1_patch1_b81460", "trust": 0.8, "url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/sol/70/readme_imss70_sol_sp1_patch1_b81460_r2.txt" }, { "title": "iwss_31_lx32_en_patch2_readme", "trust": 0.8, "url": "http://www.trendmicro.com/ftp/documentation/readme/iwss_31_lx32_en_patch2_readme.txt" }, { "title": "interstage_as_200702", "trust": 0.8, "url": 
"http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200702.html" }, { "title": "2064149", "trust": 0.8, "url": "http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2064149" }, { "title": "2064436", "trust": 0.8, "url": "http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2064436" }, { "title": "RHSA-2007:0327", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0327J.html" }, { "title": "VMware Security Advisories: Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=0fde1d7289a7f706413e4e8620446740" }, { "title": "Capstone-Red-vs-Blue-CySec-Report", "trust": 0.1, "url": "https://github.com/ActualSalt/Capstone-Red-vs-Blue-CySec-Report " } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-0450" }, { "db": "JVNDB", "id": "JVNDB-2007-000217" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000217" }, { "db": "NVD", "id": "CVE-2007-0450" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "http://www.securityfocus.com/bid/22960" }, { "trust": 2.5, "url": "http://secunia.com/advisories/24732" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/25159" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html" }, { "trust": 2.0, "url": 
"http://support.avaya.com/elmodocs2/security/asa-2007-206.htm" }, { "trust": 2.0, "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197540" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml" }, { "trust": 1.7, "url": "http://www.sec-consult.com/287.html" }, { "trust": 1.7, "url": "http://www.sec-consult.com/fileadmin/advisories/20070314-0-apache_tomcat_directory_traversal.txt" }, { "trust": 1.7, "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html" }, { "trust": 1.7, "url": "http://tomcat.apache.org/security-4.html" }, { "trust": 1.7, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 1.7, "url": "http://tomcat.apache.org/security-6.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25106" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2007-0327.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25280" }, { "trust": 1.7, "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2007-0360.html" }, { "trust": 1.7, "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26235" }, { "trust": 1.7, "url": "http://secunia.com/advisories/26660" }, { "trust": 1.7, "url": "http://secunia.com/advisories/27037" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/2446" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:241" }, { "trust": 1.7, "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/28365" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html" }, { "trust": 1.7, "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30908" }, { "trust": 1.7, "url": "http://secunia.com/advisories/30899" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33668" }, { "trust": 1.7, "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/0233" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/0975" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3087" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2007/3386" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0065" }, { "trust": 1.7, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01178795" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10643" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": 
"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0450" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15884/" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15852/" }, { "trust": 0.8, "url": "http://www.hardened-php.net/advisory-022005.php" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15861/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15862/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15895/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15883/" }, { "trust": 0.8, "url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15855/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15810/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15872/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15922/" }, { "trust": 0.8, 
"url": "http://securitytracker.com/alerts/2005/jun/1014327.html" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/14088" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2007/0975" }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/32988" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0450" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0450" }, { "trust": 0.3, "url": "http://tomcat.apache.org/" }, { "trust": 0.3, "url": "/archive/1/500412" }, { "trust": 0.3, "url": "/archive/1/481830" }, { "trust": 0.3, "url": "msg://bugtraq/45f7f67f.8050403@sec-consult.com" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2007-0327.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2007-1069.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html" }, { 
"trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2449" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3386" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2450" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3382" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3385" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2090" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1358" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2450" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2090" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7195" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3385" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3386" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3382" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1355" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-7195" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2449" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e" }, { "trust": 
0.1, "url": "https://github.com/actualsalt/capstone-red-vs-blue-cysec-report" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/29739/" }, { "trust": 0.1, "url": "https://www.vmware.com/security/advisories/vmsa-2008-0002.html" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://www.ca.com/us/contact/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7196" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0128" }, { "trust": 0.1, "url": "http://support.ca.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3510" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3510" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0128" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3835" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1355" }, { "trust": 0.1, "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1777" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3835" }, { "trust": 0.1, "url": "http://support.ca.com." 
}, { "trust": 0.1, "url": "http://www.ca.com/us/privacy/" }, { "trust": 0.1, "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1858" }, { "trust": 0.1, "url": "http://osvdb.org/" }, { "trust": 0.1, "url": "https://support.ca.com/irj/portal/anonymous/redirarticles?reqpage=search" }, { "trust": 0.1, "url": "http://www.ca.com/us/legal/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-7196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863" }, { "trust": 0.1, "url": "https://www.hp.com/go/softwaredepot/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0774" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2756" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": 
"http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/4577/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://sourceforge.net/project/showfiles.php?group_id=36679" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3004" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1003176" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1002434" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3004" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://www.vmware.com/resources/techresources/726" }, { "trust": 0.1, "url": "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2007-0450" }, { "db": "BID", "id": "22960" }, { "db": "JVNDB", "id": "JVNDB-2007-000217" }, { "db": "PACKETSTORM", "id": "56411" }, { "db": "PACKETSTORM", "id": "74289" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "61679" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "PACKETSTORM", "id": "62402" }, { "db": "CNNVD", "id": "CNNVD-200703-400" }, { "db": "NVD", "id": "CVE-2007-0450" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": 
"CVE-2007-0450" }, { "db": "BID", "id": "22960" }, { "db": "JVNDB", "id": "JVNDB-2007-000217" }, { "db": "PACKETSTORM", "id": "56411" }, { "db": "PACKETSTORM", "id": "74289" }, { "db": "PACKETSTORM", "id": "59939" }, { "db": "PACKETSTORM", "id": "61679" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "PACKETSTORM", "id": "62402" }, { "db": "CNNVD", "id": "CNNVD-200703-400" }, { "db": "NVD", "id": "CVE-2007-0450" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-07-06T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2007-03-16T00:00:00", "db": "VULMON", "id": "CVE-2007-0450" }, { "date": "2007-03-14T00:00:00", "db": "BID", "id": "22960" }, { "date": "2007-04-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000217" }, { "date": "2007-05-03T07:01:34", "db": "PACKETSTORM", "id": "56411" }, { "date": "2009-01-27T23:27:39", "db": "PACKETSTORM", "id": "74289" }, { "date": "2007-10-10T05:27:27", "db": "PACKETSTORM", "id": "59939" }, { "date": "2007-12-11T01:29:29", "db": "PACKETSTORM", "id": "61679" }, { "date": "2005-07-01T23:31:00", "db": "PACKETSTORM", "id": "38390" }, { "date": "2008-01-08T16:58:51", "db": "PACKETSTORM", "id": "62402" }, { "date": "2006-06-01T00:00:00", "db": "CNNVD", "id": "CNNVD-200703-400" }, { "date": "2007-03-16T22:19:00", "db": "NVD", "id": "CVE-2007-0450" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-09T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2019-04-15T00:00:00", "db": "VULMON", "id": "CVE-2007-0450" }, { "date": "2010-08-05T20:45:00", "db": "BID", "id": "22960" }, { "date": "2010-01-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000217" }, { "date": "2023-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-200703-400" }, { "date": "2024-11-21T00:25:53.633000", "db": 
"NVD", "id": "CVE-2007-0450" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-400" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple PHP XML-RPC implementations vulnerable to code injection", "sources": [ { "db": "CERT/CC", "id": "VU#442845" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-400" } ], "trust": 0.6 } }
var-201404-0287
Vulnerability from variot
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability is due to an insufficient fix for CVE-2014-0094. Through a crafted request, a third party could manipulate the ClassLoader and execute arbitrary code. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.1 are vulnerable. Note that the aggregated sources state the affected range differently ("before 2.3.20" versus "2.0.0 through 2.3.16.1"), so the fixed release should be confirmed against the vendor advisory before relying on either bound.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0287", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "lt", "trust": 1.8, "vendor": "apache", "version": "2.3.16.2" }, { "model": "connections", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "5.0" }, { "model": "connections", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": 
"4.5" }, { "model": "connections", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "4.0" }, { "model": "struts", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.4" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.8" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.7" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.16.1" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.16" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.15.3" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.15.2" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.15.1" }, { "model": "connections", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 2.3.16" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 3.0.10" }, { "model": "esmpro/servermanager", "scope": "lte", "trust": 0.8, "vendor": "nec", "version": "ver5.75" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "pc security" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "security risk management v1.0.0 to v2.1.3" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager enterprise v7.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": 
"nec", "version": "rfid manager lite v2.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager standard v2.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v6.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v8.2 to v8.4 (with developers studio only )\"" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v9.1 to v9.2 (with developers studio only )\"" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.3 to v8.4" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v9.1" }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business analytics modeling server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business process manager analytics" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "extreme transaction processing server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", 
"version": "mobile manager" }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "cloud middle set b set" }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.4.1" }, { "model": "struts", "scope": 
"eq", "trust": 0.6, "vendor": "apache", "version": "2.3.3" }, { "model": "keybox", "scope": "eq", "trust": 0.3, "vendor": "skavanagh", "version": "2.10.02" }, { "model": "ec2box", "scope": "eq", "trust": 0.3, "vendor": "skavanagh", "version": "0.11.01" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.10" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.16" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.15" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.14" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.13" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3" }, { "model": "sterling web channel", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "sterling web channel", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.1" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "sterling order management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.1" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, 
"vendor": "ibm", "version": "9.2.0" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "platform symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "platform symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "platform symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "platform hpc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "platform hpc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "platform hpc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.00" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.10" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.0" }, { "model": "connections", "scope": "eq", 
"trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.3" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.2" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.0" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.0.2" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.0.1" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.2.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.3" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "5.0" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.41" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": 
"struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": 
"apache", "version": "2.3.14" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" }, { "model": "keybox", "scope": "ne", "trust": 0.3, "vendor": "skavanagh", "version": "2.10.03" }, { "model": "ec2box", "scope": "ne", "trust": 0.3, "vendor": "skavanagh", "version": "0.11.02" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.2" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.2.6" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.4" }, { "model": "struts", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.3.16.2" } ], "sources": [ { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:struts", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:connections", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:mysql", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:nec:esmpro_servermanager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:infocage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_portal", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:triole", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002269" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Taki Uchiyama, Takeshi Terada, Takayoshi Isayama, Yoshiyuki Karezaki, BAKA/ty, \nShine, NSFOCUS Security Team and heige.", "sources": [ { "db": "BID", "id": "67081" } ], "trust": 0.3 }, "cve": "CVE-2014-0113", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0113", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0113", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0113", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201404-570", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-0113", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation (manipulate)\" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.1 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2014-0113" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "BID", "id": "67081" }, { "db": "VULMON", "id": "CVE-2014-0113" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0113", "trust": 2.8 }, { "db": "SECUNIA", "id": "59178", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2014-002269", "trust": 0.8 }, { "db": "CNNVD", "id": 
"CNNVD-201404-570", "trust": 0.6 }, { "db": "BID", "id": "67081", "trust": 0.3 }, { "db": "EXPLOITDB", "id": "33142", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0113", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "id": "VAR-201404-0287", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2024-11-23T20:19:45.132000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Bulletins S2-021", "trust": 0.8, "url": "https://cwiki.apache.org/confluence/display/WW/S2-021" }, { "title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2", "trust": 0.8, "url": "http://struts.apache.org/download.cgi#struts23162" }, { "title": "1680848", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848" }, { "title": "1681190", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190" }, { "title": "NV15-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "April 2015 Critical Patch Update Released", 
"trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html" }, { "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html" }, { "title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html" }, { "title": "struts-2.3.16.2-all", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49668" }, { "title": "Red Hat: CVE-2014-0113", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0113" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "-maven-security-versions", "trust": 0.1, "url": "https://github.com/nagauker/-maven-security-versions " }, { "title": "maven-security-versions-Travis", "trust": 0.1, "url": "https://github.com/klee94/maven-security-versions-Travis " }, { "title": "maven-security-versions", "trust": 0.1, "url": "https://github.com/victims/maven-security-versions " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/tmpgit3000/victims " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/alexsh88/victims " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": 
"CNNVD", "id": "CNNVD-201404-570" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "trust": 1.7, "url": "https://cwiki.apache.org/confluence/display/ww/s2-021" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59178" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0113" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0113" }, { "trust": 0.3, "url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc" }, { "trust": 0.3, "url": "https://github.com/skavanagh/ec2box/releases/tag/v0.11.02" }, { "trust": 0.3, "url": "https://github.com/skavanagh/keybox/releases/tag/v2.10.03" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020896" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020893" }, { "trust": 0.3, "url": "http://struts.apache.org/development/2.x/docs/s2-021.html" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020894" }, { 
"trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020895" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33975" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/victims/maven-security-versions" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/33142/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-29T00:00:00", "db": "VULMON", "id": "CVE-2014-0113" }, { "date": "2014-04-28T00:00:00", "db": "BID", "id": "67081" }, { "date": "2014-04-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "date": "2014-04-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-570" }, { "date": "2014-04-29T10:37:03.700000", "db": "NVD", "id": "CVE-2014-0113" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-12T00:00:00", "db": "VULMON", "id": "CVE-2014-0113" }, { "date": "2015-05-07T17:38:00", "db": "BID", "id": "67081" }, { "date": "2016-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "date": "2019-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-570" }, { "date": 
"2024-11-21T02:01:23.837000", "db": "NVD", "id": "CVE-2014-0113" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-570" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Struts of CookieInterceptor In ClassLoader Vulnerability manipulated", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002269" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-570" } ], "trust": 0.6 } }
var-200810-0184
Vulnerability from variot
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-permitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. This vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However, there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, the Apache Tomcat Development Team has decided to publish an advisory regarding this issue. Kenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership. The impact varies depending on the context accessed from the non-permitted IP address. For example, information disclosure may be possible as a result. Apache Tomcat is prone to a security-bypass vulnerability related to extensions of 'RemoteFilterValve'. Attackers may be able to bypass certain access restrictions. The following versions are vulnerable: Tomcat 4.1.0 through 4.1.32; Tomcat 5.5.0.
TITLE: Apache Tomcat Directory Listing Denial of Service
SECUNIA ADVISORY ID: SA17416
VERIFY ADVISORY: http://secunia.com/advisories/17416/
CRITICAL: Not critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: Apache Tomcat 5.x http://secunia.com/product/3571/
DESCRIPTION: David Maciejak has discovered a vulnerability in Apache Tomcat, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by the inefficient generation of directory listings for web directories that have a large number of files. By sending multiple concurrent requests for such a directory, it is possible to prevent other users from accessing the directory and to cause the server to consume a large amount of CPU resources. The vulnerability affects only the directory that is being listed. Files or applications in other web directories are not affected.
Successful exploitation requires that directory listing is enabled in a directory with a large number of files.
The vulnerability has been confirmed in Tomcat version 5.5.11 and 5.5.12 on the Windows platform, and has been reported in versions 5.5.0 through 5.5.11. Other versions may also be affected.
Note: In version 5.5.12, the server will resume normal operation after a few minutes.
SOLUTION: The vulnerability has been partially addressed in version 5.5.12, which will resume normal operation after a few minutes.
Disable directory listing for web directories that have a large number of files.
PROVIDED AND/OR DISCOVERED BY: David Maciejak
.
Mitigation: Upgrade to 4.1.32 or later, 5.5.1 or later, or 6.0.0 or later.
Example: This has only been reproduced using a debugger to force a particular processing sequence across two threads.
1. Set a breakpoint right after the place where a value
is to be entered in the instance variable of regexp
(search:org.apache.regexp.CharacterIterator).
2. Send a request from the IP address* which is not permitted.
(stopped at the breakpoint)
*About the IP address which is not permitted.
The character strings length of the IP address which is set
in RemoteAddrValve must be same.
3. Send a request from the IP address which was set in
RemoteAddrValve.
(stopped at the breakpoint)
In this way, the instance variable is to be overwritten here.
4. Resume the thread which is processing the step 2 above.
5. The request from the not permitted IP address will succeed.
References: http://tomcat.apache.org/security.html
Mark Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkjuibsACgkQb7IeiTPGAkO33wCgiBY0nBdTaXBC8oPoHqMWH4mt OtgAmQHjgnxg0vKKSp43vez8XaBIZpOj =9Z/F -----END PGP SIGNATURE----- .
Apache Tomcat 5.x: Update to version 5.5.1 or later.
SOLUTION: Patches are scheduled for release.
Use a proxy or firewall to protect resources. Version 5.5.x is intended for servlet/jsp specification 2.4/2.0. More information on http://tomcat.apache.org/
Description:
Many time consuming directory listing requests can cause a denial of service.
Detection/PoC:
On Linux: The vulnerable versions tested are 5.5.0 to 5.5.11. Versions 5.5.12 and 5.0.28 do not seem to be impacted.
A easy way to test : -Download Tomcat package from Tomcat archive -Unpack it, use default configuration -In webapps example dir, add some empty files (enough for the dir listing request to be long) -Thread many listing access on this directory
Workaround:
Upgrade to linux version 5.5.12
PS: The Secunia team has done more tests, available at http://secunia.com/advisories/17416/
David Maciejak
TITLE: NEC WebOTX Products "RemoteFilterValve" Security Bypass Security Issue
SECUNIA ADVISORY ID: SA35684
VERIFY ADVISORY: http://secunia.com/advisories/35684/
DESCRIPTION: A security issue has been reported in various NEC WebOTX products, which potentially can be exploited by malicious people to bypass certain security restrictions.
The security issue is caused due to a synchronisation problem when checking IP addresses and can be exploited to bypass a filter valve that extends "RemoteFilterValve" and potentially gain access to protected contexts.
The security issue is reported in the following products and versions: * WebOTX Web Edition version 4.x through 5.x * WebOTX Standard-J Edition version 4.x through 5.x * WebOTX Standard Edition version 4.x through 5.x * WebOTX Enterprise Edition version 4.x through 5.x * WebOTX UDDI Registry version 1.1 through 2.1
SOLUTION: Reportedly, patches are available. Contact the vendor's sales department for more information.
For more information: SA32213
SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200810-0184", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "eq", "trust": 2.4, "vendor": "apache", "version": "5.5.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "4.1.31" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": 
"4.1.30" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "4.1.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.28" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.29" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.19" }, { "model": "tomcat", "scope": "eq", 
"trust": 1.0, "vendor": "apache", "version": "4.1.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.16" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "4.1.0 to 4.1.31" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx application server", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.0" }, { 
"model": "webotx uddi registry", "scope": "eq", "trust": 0.3, "vendor": "nec", "version": "2.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "webotx standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "nec", "version": "4.x" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "webotx web edition", "scope": "eq", "trust": 0.3, "vendor": "nec", "version": "5.x" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "linux enterprise sdk sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "4.1.32" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "5.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, 
{ "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "webotx enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "nec", "version": "5.x" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "webotx web edition", "scope": "eq", "trust": 0.3, "vendor": "nec", "version": "4.x" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "webotx enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "nec", "version": "4.x" }, { "model": "interstage studio 
standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "red hat network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)5.1" }, { "model": "webotx standard edition", "scope": "eq", "trust": 0.3, "vendor": "nec", "version": "5.x" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.3" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "webotx standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "nec", "version": "5.x" }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "webotx uddi registry", "scope": "eq", "trust": 0.3, "vendor": "nec", "version": "1.1" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application 
server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "novell linux desktop sdk", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "webotx standard edition", "scope": "eq", "trust": 0.3, "vendor": "nec", "version": "4.x" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "31698" }, { "db": "JVNDB", "id": "JVNDB-2008-000069" }, { "db": "CNNVD", "id": "CNNVD-200810-176" }, { "db": "NVD", "id": "CVE-2008-3271" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:tomcat", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": 
"JVNDB-2008-000069" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kenichi Tsukamoto", "sources": [ { "db": "BID", "id": "31698" }, { "db": "CNNVD", "id": "CNNVD-200810-176" } ], "trust": 0.9 }, "cve": "CVE-2008-3271", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2008-3271", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 2.6, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2008-000069", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], 
"severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-3271", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2008-000069", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-200810-176", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-000069" }, { "db": "CNNVD", "id": "CNNVD-200810-176" }, { "db": "NVD", "id": "CVE-2008-3271" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. This vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue. Kenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. 
JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.Impact varies depending on the accessed context by the non-permitted IP address. For example information disclosure may be possible as a result. Apache Tomcat is prone to a security-bypass vulnerability related to extensions of \u0027RemoteFilterValve\u0027. \nAttackers may be able to bypass certain access restrictions. \nThe following versions are vulnerable:\nTomcat 4.1.0 through 4.1.32\nTomcat 5.5.0. \n\nTITLE:\nApache Tomcat Directory Listing Denial of Service\n\nSECUNIA ADVISORY ID:\nSA17416\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17416/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApache Tomcat 5.x\nhttp://secunia.com/product/3571/\n\nDESCRIPTION:\nDavid Maciejak has discovered a vulnerability in Apache Tomcat, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to the inefficient generation of\ndirectory listing for web directories that has a large number of\nfiles. By sending multiple concurrent requests for such a directory,\nit is possible to prevent other users from accessing the directory\nand causes the server to consume a large amount of CPU resources. The\nvulnerability affects only the directory that is being listed. Files\nor applications in other web directories are not affected. \n\nSuccessful exploitation requires that directory listing is enabled in\na directory with a large number of files. \n\nThe vulnerability has been confirmed in Tomcat version 5.5.11 and\n5.5.12 on the Windows platform, and has been reported in versions\n5.5.0 through 5.5.11. Other versions may also be affected. \n\nNote: In version 5.5.12, the server will resume normal operation\nafter a few minutes. 
\n\nSOLUTION:\nThe vulnerability has been partially addressed in version 5.5.12,\nwhich will resume normal operation after a few minutes. \n\nDisable directory listing for web directories that has a large number\nof files. \n\nPROVIDED AND/OR DISCOVERED BY:\nDavid Maciejak\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nMitigation:\nUpgrade to:\n4.1.32 or later\n5.5.1 or later\n6.0.0 or later\n\nExample:\nThis has only been reproduced using a debugger to force a particular\nprocessing sequence across two threads. \n\n 1. Set a breakpoint right after the place where a value\n is to be entered in the instance variable of regexp\n (search:org.apache.regexp.CharacterIterator). \n\n 2. Send a request from the IP address* which is not permitted. \n (stopped at the breakpoint)\n\n *About the IP address which is not permitted. \n The character strings length of the IP address which is set\n in RemoteAddrValve must be same. \n\n 3. Send a request from the IP address which was set in\n RemoteAddrValve. \n (stopped at the breakpoint)\n In this way, the instance variable is to be overwritten here. \n\n 4. 
Resume the thread which is processing the step 2 above. \n\n 5. The request from the not permitted IP address will succeed. \n\nReferences:\nhttp://tomcat.apache.org/security.html\n\nMark Thomas\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niEYEARECAAYFAkjuibsACgkQb7IeiTPGAkO33wCgiBY0nBdTaXBC8oPoHqMWH4mt\nOtgAmQHjgnxg0vKKSp43vez8XaBIZpOj\n=9Z/F\n-----END PGP SIGNATURE-----\n. \n\nApache Tomcat 5.x:\nUpdate to version 5.5.1 or later. \n\nSOLUTION:\nPatches are scheduled for release. \n\nUse a proxy or firewall to protect resources. \nVersion 5.5.x is intented for servlet/jsp specification 2.4/2.0. \nMore information on http://tomcat.apache.org/\n\nDescription:\n\nMany time consuming directory listing requests can cause a denial of service. \n\nDetection/PoC:\n\nOn Linux:\nVulnerable version tested are 5.5.0 to 5.5.11. \n5.5.12 and 5.0.28 seems not to be impacted. \n\nA easy way to test :\n-Download Tomcat package from Tomcat archive\n-Unpack it, use default configuration\n-In webapps example dir, add some empty files (enough for the dir listing \nrequest to be long)\n-Thread many listing access on this directory\n\nWorkaround:\n\nUpgrade to linux version 5.5.12\n\nPS: Secunia team have done more test available on\nhttp://secunia.com/advisories/17416/\n\nDavid Maciejak\n\n\n\n--------------------------------------------------------------------------------\nKYXAR.FR - Mail envoy\\xe9 depuis http://webmail.kyxar.fr\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. 
\n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nNEC WebOTX Products \"RemoteFilterValve\" Security Bypass Security\nIssue\n\nSECUNIA ADVISORY ID:\nSA35684\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35684/\n\nDESCRIPTION:\nA security issue has been reported in various NEC WebOTX products,\nwhich potentially can be exploited by malicious people to bypass\ncertain security restrictions. \n\nThe security issue is caused due to a synchronisation problem when\nchecking IP addresses and can be exploited to bypass a filter valve\nthat extends \"RemoteFilterValve\" and potentially gain access to\nprotected contexts. \n\nThe security issue is reported in the following products and\nversions:\n* WebOTX Web Edition version 4.x through 5.x\n* WebOTX Standard-J Edition version 4.x through 5.x\n* WebOTX Standard Edition version 4.x through 5.x\n* WebOTX Enterprise Edition version 4.x through 5.x\n* WebOTX UDDI Registry version 1.1 through 2.1\n\nSOLUTION:\nReportedly, patches are available. Contact the vendor\u0027s sales\ndepartment for more information. 
\n\nFor more information:\nSA32213\n\nSOLUTION:\nApply updated packages via YaST Online Update or the SUSE FTP server", "sources": [ { "db": "NVD", "id": "CVE-2008-3271" }, { "db": "JVNDB", "id": "JVNDB-2008-000069" }, { "db": "BID", "id": "31698" }, { "db": "PACKETSTORM", "id": "41248" }, { "db": "PACKETSTORM", "id": "70828" }, { "db": "PACKETSTORM", "id": "70882" }, { "db": "PACKETSTORM", "id": "70792" }, { "db": "PACKETSTORM", "id": "41335" }, { "db": "PACKETSTORM", "id": "79028" }, { "db": "PACKETSTORM", "id": "71395" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2008-000069", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2008-3271", "trust": 2.8 }, { "db": "BID", "id": "31698", "trust": 2.7 }, { "db": "SECUNIA", "id": "32213", "trust": 2.6 }, { "db": "SECUNIA", "id": "32234", "trust": 2.6 }, { "db": "JVN", "id": "JVN30732239", "trust": 2.6 }, { "db": "SECUNIA", "id": "35684", "trust": 1.8 }, { "db": "SECUNIA", "id": "32398", "trust": 1.7 }, { "db": "SREASON", "id": "4396", "trust": 1.6 }, { "db": "SECTRACK", "id": "1021039", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2008-2793", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2008-2800", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2009-1818", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-200810-176", "trust": 0.6 }, { "db": "SECUNIA", "id": "17416", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "41248", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "70828", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "70882", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "70792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "41335", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "79028", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "71395", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": 
"31698" }, { "db": "JVNDB", "id": "JVNDB-2008-000069" }, { "db": "PACKETSTORM", "id": "41248" }, { "db": "PACKETSTORM", "id": "70828" }, { "db": "PACKETSTORM", "id": "70882" }, { "db": "PACKETSTORM", "id": "70792" }, { "db": "PACKETSTORM", "id": "41335" }, { "db": "PACKETSTORM", "id": "79028" }, { "db": "PACKETSTORM", "id": "71395" }, { "db": "CNNVD", "id": "CNNVD-200810-176" }, { "db": "NVD", "id": "CVE-2008-3271" } ] }, "id": "VAR-200810-0184", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-23T20:15:01.679000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Updates", "trust": 0.8, "url": "http://tomcat.apache.org/security" }, { "title": "Apache Tomcat 4.x vulnerabilities", "trust": 0.8, "url": "http://tomcat.apache.org/security-4.html" }, { "title": "Apache Tomcat 5.x vulnerabilities", "trust": 0.8, "url": "http://tomcat.apache.org/security-5.html" }, { "title": "Bug 25835", "trust": 0.8, "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835" }, { "title": "interstage-200806e", "trust": 0.8, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html" }, { "title": "NV09-006", "trust": 0.8, "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-000069" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", 
"trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-000069" }, { "db": "NVD", "id": "CVE-2008-3271" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://www.securityfocus.com/bid/31698" }, { "trust": 2.6, "url": "http://jvn.jp/en/jp/jvn30732239/index.html" }, { "trust": 2.4, "url": "http://secunia.com/advisories/32234" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-4.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 2.0, "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html" }, { "trust": 2.0, "url": "http://jvndb.jvn.jp/en/contents/2008/jvndb-2008-000069.html" }, { "trust": 2.0, "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2008/2800" }, { "trust": 1.6, "url": "http://secunia.com/advisories/32398" }, { "trust": 1.6, "url": "http://secunia.com/advisories/32213" }, { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded" }, { "trust": 1.6, "url": "http://securityreason.com/securityalert/4396" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791" }, { "trust": 1.6, "url": "http://secunia.com/advisories/35684" 
}, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1021039" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2008/2793" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2009/1818" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.0, "url": "http://secunia.com/advisories/32213/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3271" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2008/2793" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3271" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.5, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://tomcat.apache.org/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "/archive/1/497220" }, { "trust": 0.3, "url": "http://secunia.com/binary_analysis/sample_analysis/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/17416/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/3571/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3271" }, { "trust": 0.1, "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835)" }, { "trust": 0.1, "url": "http://tomcat.apache.org/security.html" }, { "trust": 0.1, "url": 
"http://enigmail.mozdev.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/328/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/3571/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/32234/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/13693/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/15986/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/13690/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/13688/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/15610/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/13685/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/13687/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/13689/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/13686/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/13692/" }, { "trust": 0.1, "url": "http://webmail.kyxar.fr" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35684/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/32398/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/4664/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/13375/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/4118/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/12192/" } ], "sources": [ { "db": "BID", "id": "31698" }, { "db": "JVNDB", "id": "JVNDB-2008-000069" }, { "db": "PACKETSTORM", "id": "41248" }, { "db": "PACKETSTORM", "id": "70828" }, { "db": "PACKETSTORM", "id": "70882" }, { "db": "PACKETSTORM", "id": "70792" }, { "db": "PACKETSTORM", "id": "41335" }, { "db": "PACKETSTORM", "id": "79028" }, { "db": "PACKETSTORM", "id": "71395" }, { "db": "CNNVD", "id": "CNNVD-200810-176" }, { "db": "NVD", "id": "CVE-2008-3271" } ] }, "sources": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "31698" }, { "db": "JVNDB", "id": "JVNDB-2008-000069" }, { "db": "PACKETSTORM", "id": "41248" }, { "db": "PACKETSTORM", "id": "70828" }, { "db": "PACKETSTORM", "id": "70882" }, { "db": "PACKETSTORM", "id": "70792" }, { "db": "PACKETSTORM", "id": "41335" }, { "db": "PACKETSTORM", "id": "79028" }, { "db": "PACKETSTORM", "id": "71395" }, { "db": "CNNVD", "id": "CNNVD-200810-176" }, { "db": "NVD", "id": "CVE-2008-3271" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-10-10T00:00:00", "db": "BID", "id": "31698" }, { "date": "2008-10-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-000069" }, { "date": "2005-11-03T23:53:58", "db": "PACKETSTORM", "id": "41248" }, { "date": "2008-10-11T18:33:31", "db": "PACKETSTORM", "id": "70828" }, { "date": "2008-10-13T22:53:24", "db": "PACKETSTORM", "id": "70882" }, { "date": "2008-10-10T23:03:15", "db": "PACKETSTORM", "id": "70792" }, { "date": "2005-11-08T14:26:54", "db": "PACKETSTORM", "id": "41335" }, { "date": "2009-07-08T14:53:57", "db": "PACKETSTORM", "id": "79028" }, { "date": "2008-10-31T18:08:14", "db": "PACKETSTORM", "id": "71395" }, { "date": "2008-10-13T00:00:00", "db": "CNNVD", "id": "CNNVD-200810-176" }, { "date": "2008-10-13T20:00:02.057000", "db": "NVD", "id": "CVE-2008-3271" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-07-08T21:46:00", "db": "BID", "id": "31698" }, { "date": "2009-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-000069" }, { "date": "2023-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-200810-176" }, { "date": "2024-11-21T00:48:51.353000", "db": "NVD", "id": "CVE-2008-3271" } ] }, "threat_type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200810-176" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Tomcat allows access from a non-permitted IP address", "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-000069" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-200810-176" } ], "trust": 0.6 } }
var-201208-0141
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. Apache HTTP Server is prone to an HTML-injection vulnerability and an information disclosure vulnerability. Attackers may leverage these issues to obtain potentially sensitive session information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. (CVE-2008-0455, CVE-2012-2687)
It was discovered that mod_proxy_ajp, when used in configurations with mod_proxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP (Apache JServ Protocol) CPing request was responded to by the back-end. A remote attacker able to make a back-end use an excessive amount of time to process a request could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed. Space precludes documenting all of these changes in this advisory.
Problem Description:
Multiple vulnerabilities have been found and corrected in apache (ASF HTTPD):
Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory (CVE-2012-0883).
Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled (CVE-2012-2687).
Update:
Packages for Mandriva Linux 2011 are also being provided. The verification of md5 checksums and GPG signatures is performed automatically for you.
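All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
Note: 0x22458A98 is a short (32-bit) key ID, and a key fetched from a public keyserver is not authenticated by the download itself; compare the imported key's full fingerprint with one obtained from a trusted Mandriva channel before relying on signatures made with it.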
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFQaa9/mqjQ0CJFipgRAhruAJ9EC4FWiuzvbIXRyxeJEa6ifXWfngCfdzew 7eKtlYj6mMOMjJJ0oekKwnQ= =t10D -----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
TITLE: Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID: SA51458
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51458/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51458
RELEASE DATE: 2012-11-30
DESCRIPTION: Hitachi has acknowledged some vulnerabilities in multiple Hitachi products, which can be exploited by malicious people to conduct cross-site scripting attacks.
For more information see vulnerability #2 in: SA50363
See the vendor's advisory for a list of affected products and versions.
SOLUTION: As a workaround, the vendor recommends disabling the mod_negotiation module or removing "MultiViews" from the "Options" lines in the Directory specifications.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS12-028/index.html
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: httpd security, bug fix, and enhancement update Advisory ID: RHSA-2013:0130-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0130.html Issue date: 2013-01-08 CVE Names: CVE-2008-0455 CVE-2008-0456 CVE-2012-2687 =====================================================================
- Summary:
Updated httpd packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
- Description:
The httpd packages contain the Apache HTTP Server (httpd), which is the namesake project of The Apache Software Foundation.
Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users visiting the site. (CVE-2008-0455, CVE-2008-0456, CVE-2012-2687)
Bug fixes:
-
Previously, no check was made to see if the /etc/pki/tls/private/localhost.key file was a valid key prior to running the "%post" script for the "mod_ssl" package. Consequently, when /etc/pki/tls/certs/localhost.crt did not exist and "localhost.key" was present but invalid, upgrading the Apache HTTP Server daemon (httpd) with mod_ssl failed. The "%post" script has been fixed to test for an existing SSL key. As a result, upgrading httpd with mod_ssl now proceeds as expected. (BZ#752618)
-
The "mod_ssl" module did not support operation under FIPS mode. Consequently, when operating Red Hat Enterprise Linux 5 with FIPS mode enabled, httpd failed to start. An upstream patch has been applied to disable non-FIPS functionality if operating under FIPS mode and httpd now starts as expected. (BZ#773473)
-
Prior to this update, httpd exit status codes were not Linux Standard Base (LSB) compliant. When the command "service httpd reload" was run and httpd failed, the exit status code returned was "0" and not in the range 1 to 6 as expected. A patch has been applied to the init script and httpd now returns "1" as an exit status code. (BZ#783242)
-
Chunked Transfer Coding is described in RFC 2616. Previously, the Apache server did not correctly handle a chunked encoded POST request with a "chunk-size" or "chunk-extension" value of 32 bytes or more. Consequently, when such a POST request was made the server did not respond. An upstream patch has been applied and the problem no longer occurs. (BZ#840845)
-
Due to a regression, when mod_cache received a non-cacheable 304 response, the headers were served incorrectly. Consequently, compressed data could be returned to the client without the cached headers to indicate the data was compressed. An upstream patch has been applied to merge response and cached headers before data from the cache is served to the client. As a result, cached data is now correctly interpreted by the client. (BZ#845532)
-
In a proxy configuration, certain response-line strings were not handled correctly. If a response-line without a "description" string was received from the origin server, for a non-standard status code, such as the "450" status code, a "500 Internal Server Error" would be returned to the client. This bug has been fixed so that the original response line is returned to the client. (BZ#853128)
Enhancements:
-
The configuration directive "LDAPReferrals" is now supported in addition to the previously introduced "LDAPChaseReferrals". (BZ#727342)
-
The AJP support module for "mod_proxy", "mod_proxy_ajp", now supports the "ProxyErrorOverride" directive. Consequently, it is now possible to configure customized error pages for web applications running on a backend server accessed via AJP. (BZ#767890)
-
The "%posttrans" scriptlet which automatically restarts the httpd service after a package upgrade can now be disabled. If the file /etc/sysconfig/httpd-disable-posttrans exists, the scriptlet will not restart the daemon. (BZ#833042)
-
The output of "httpd -S" now includes configured alias names for each virtual host. (BZ#833043)
-
New certificate variable names are now exposed by "mod_ssl" using the "_DN_userID" suffix, such as "SSL_CLIENT_S_DN_userID", which use the commonly used object identifier (OID) definition of "userID", OID 0.9.2342.19200300.100.1.1. (BZ#840036)
All users of httpd are advised to upgrade to these updated packages, which fix these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
727342 - LDAPChaseReferrals should be LDAPReferrals 752618 - mod_ssl post install script can cause failures 767890 - The mod_proxy_ajp lacks the ErrorOverride 773473 - [RHEL 5.7] Apache HTTP Server cannot start with mod_ssl when FIPS 140-2 mode enabled 783242 - service httpd reload return 0 when it fails 840845 - httpd fails in processing chunked requests with > 31 bytes chunk-size / -extension line 845532 - mod_cache regression in httpd 2.2.3-65: non-cacheable 304 responses serve bad data 850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled 879292 - CVE-2008-0456 httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm
i386: httpd-2.2.3-74.el5.i386.rpm httpd-debuginfo-2.2.3-74.el5.i386.rpm mod_ssl-2.2.3-74.el5.i386.rpm
x86_64: httpd-2.2.3-74.el5.x86_64.rpm httpd-debuginfo-2.2.3-74.el5.x86_64.rpm mod_ssl-2.2.3-74.el5.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm
i386: httpd-debuginfo-2.2.3-74.el5.i386.rpm httpd-devel-2.2.3-74.el5.i386.rpm httpd-manual-2.2.3-74.el5.i386.rpm
x86_64: httpd-debuginfo-2.2.3-74.el5.i386.rpm httpd-debuginfo-2.2.3-74.el5.x86_64.rpm httpd-devel-2.2.3-74.el5.i386.rpm httpd-devel-2.2.3-74.el5.x86_64.rpm httpd-manual-2.2.3-74.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm
i386: httpd-2.2.3-74.el5.i386.rpm httpd-debuginfo-2.2.3-74.el5.i386.rpm httpd-devel-2.2.3-74.el5.i386.rpm httpd-manual-2.2.3-74.el5.i386.rpm mod_ssl-2.2.3-74.el5.i386.rpm
ia64: httpd-2.2.3-74.el5.ia64.rpm httpd-debuginfo-2.2.3-74.el5.ia64.rpm httpd-devel-2.2.3-74.el5.ia64.rpm httpd-manual-2.2.3-74.el5.ia64.rpm mod_ssl-2.2.3-74.el5.ia64.rpm
ppc: httpd-2.2.3-74.el5.ppc.rpm httpd-debuginfo-2.2.3-74.el5.ppc.rpm httpd-debuginfo-2.2.3-74.el5.ppc64.rpm httpd-devel-2.2.3-74.el5.ppc.rpm httpd-devel-2.2.3-74.el5.ppc64.rpm httpd-manual-2.2.3-74.el5.ppc.rpm mod_ssl-2.2.3-74.el5.ppc.rpm
s390x: httpd-2.2.3-74.el5.s390x.rpm httpd-debuginfo-2.2.3-74.el5.s390.rpm httpd-debuginfo-2.2.3-74.el5.s390x.rpm httpd-devel-2.2.3-74.el5.s390.rpm httpd-devel-2.2.3-74.el5.s390x.rpm httpd-manual-2.2.3-74.el5.s390x.rpm mod_ssl-2.2.3-74.el5.s390x.rpm
x86_64: httpd-2.2.3-74.el5.x86_64.rpm httpd-debuginfo-2.2.3-74.el5.i386.rpm httpd-debuginfo-2.2.3-74.el5.x86_64.rpm httpd-devel-2.2.3-74.el5.i386.rpm httpd-devel-2.2.3-74.el5.x86_64.rpm httpd-manual-2.2.3-74.el5.x86_64.rpm mod_ssl-2.2.3-74.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2008-0455.html https://www.redhat.com/security/data/cve/CVE-2008-0456.html https://www.redhat.com/security/data/cve/CVE-2012-2687.html https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQ68TMXlSAg2UNWIIRApH8AJ9lf6CJcLnIK7D9siL6M2/OxR1argCeO7mh /xD6DzmFPZw8MhY2CC19xag= =mexo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004
OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses the following:
Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.24. CVE-ID CVE-2012-0883 CVE-2012-2687 CVE-2012-3499 CVE-2012-4558
Bind Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in BIND Description: Multiple vulnerabilities existed in BIND, the most serious of which may lead to a denial of service. These issues were addressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not affect Mac OS X v10.7 systems. CVE-ID CVE-2012-3817 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2013-2266
Certificate Trust Policy Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Root certificates have been updated Description: Several certificates were added to or removed from the list of system roots. The complete list of recognized system roots may be viewed via the Keychain Access application.
ClamAV Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5 Impact: Multiple vulnerabilities in ClamAV Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.97.8. CVE-ID CVE-2013-2020 CVE-2013-2021
CoreGraphics Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team
ImageIO Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team
Installer Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Packages could be opened after certificate revocation Description: When Installer encountered a revoked certificate, it would present a dialog with an option to continue. The issue was addressed by removing the dialog and refusing any revoked package. CVE-ID CVE-2013-1027
IPSec Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: An attacker may intercept data protected with IPSec Hybrid Auth Description: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by properly checking the certificate. CVE-ID CVE-2013-1028 : Alexander Traud of www.traud.de
Kernel Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: A local network user may cause a denial of service Description: An incorrect check in the IGMP packet parsing code in the kernel allowed a user who could send IGMP packets to the system to cause a kernel panic. The issue was addressed by removing the check. CVE-ID CVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC.
Mobile Device Management Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Passwords may be disclosed to other local users Description: A password was passed on the command-line to mdmclient, which made it visible to other users on the same system. The issue was addressed by communicating the password through a pipe. CVE-ID CVE-2013-1030 : Per Olofsson at the University of Gothenburg
OpenSSL Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to disclosure of user data. These issues were addressed by updating OpenSSL to version 0.9.8y. CVE-ID CVE-2012-2686 CVE-2013-0166 CVE-2013-0169
PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP, the most serious of which may lead to arbitrary code execution. These issues were addressed by updating PHP to version 5.3.26. CVE-ID CVE-2013-1635 CVE-2013-1643 CVE-2013-1824 CVE-2013-2110
PostgreSQL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in PostgreSQL Description: Multiple vulnerabilities exist in PostgreSQL, the most serious of which may lead to data corruption or privilege escalation. This update addresses the issues by updating PostgreSQL to version 9.0.13. CVE-ID CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2013-1902 CVE-2013-1903
Power Management Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: The screen saver may not start after the specified time period Description: A power assertion lock issue existed. This issue was addressed through improved lock handling. CVE-ID CVE-2013-1031
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of 'idsc' atoms in QuickTime movie files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1032 : Jason Kratzer working with iDefense VCP
Screen Lock Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: A user with screen sharing access may be able to bypass the screen lock when another user is logged in Description: A session management issue existed in the screen lock's handling of screen sharing sessions. This issue was addressed through improved session tracking. CVE-ID CVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq
Note: OS X Mountain Lion v10.8.5 also addresses an issue where certain Unicode strings could cause applications to unexpectedly terminate.
OS X Mountain Lion v10.8.5 and Security Update 2013-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.5, or Security Update 2013-004.
For OS X Mountain Lion v10.8.4 The download file is named: OSXUpd10.8.5.dmg Its SHA-1 digest is: a74ab6d9501778437e7afba0bbed47b776a52b11
For OS X Mountain Lion v10.8 and v10.8.3 The download file is named: OSXUpdCombo10.8.5.dmg Its SHA-1 digest is: cb798ac9b97ceb2d8875af040ce4ff06187d61f2
For OS X Lion v10.7.5 The download file is named: SecUpd2013-004.dmg Its SHA-1 digest is: dbc50fce7070f83b93b866a21b8f5c6e65007fa0
For OS X Lion Server v10.7.5 The download file is named: SecUpdSrvr2013-004.dmg Its SHA-1 digest is: 44a77edbd37732b865bc21a9aac443a3cdc47355
For Mac OS X v10.6.8 The download file is named: SecUpd2013-004.dmg Its SHA-1 digest is: d07d5142a2549270f0d2eaddb262b41bb5c16b61
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2013-004.dmg Its SHA-1 digest is: 8f9abe93f7f9427cf86b89bd67df948a85537dbc
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJSMiPGAAoJEPefwLHPlZEw9qMP/17D4Q8velZ3H4AumPzHqqB4 QxPcuv8PXzhi55epUm2bzNfXR9A5L9KvzEsmggqxO2/ESO0zfeKgAmXXjCI3z5Qc +WkHgqowjwXU9cbjyDkhwb/ylXml+vCSIv2m9eXXNRTRi0rm9ZLSI/JMSRfLMojQ bZbzQSoSpuGaOeOOWESKCf9zBXFG6DBGo0wg3z8Bkywjtp/7bfddPAFHxIdhjDDN 1IgmhPRnP6NEdNSfR6RwF94M+hyiJ2I2DIDZTIo+6B4Ne90bEYdBiQmSxwKFAyc3 H9VFfB8XmrtA2k4DhE6Ow2jD/Y//QKz6TbyZNSQawXxuPsj43v6/T6BsWdfddGbQ hDGU85e7z7a4gmIPuS3DjMhSEyAixL/B3vKYBaZltH6JBCcPuLvGrU7nAiJa7KGQ 8MToOyv42TSj95drFzysk5fcO0MIUH5xiGlaU+ScEdBSpIpHDfpjeJYPqxHeGFaa V2xCGw1vMYbMoxNzRL0FPPdUxJkyBHvuzZXh6c6fATuQIPCtwejpPrYEo7x7RRpl ytsVLe3V27j7IfWb62nI+mNVfH5m+YgK4SGK5DSq8Nm1Lk0w4HXmTtrhOCogsJ2I yoqeg/XakiSdxZxhSa9/ZZsMB+D1B8siNzCj0+U0k4zYjxEA0GdSu/dYRVT62oIn vBrJ5gm+nnyRe2TUMAwz =h9hc -----END PGP SIGNATURE----- . Relevant releases/architectures:
JBoss Enterprise Application Platform 6 for RHEL 6 Server - i386, noarch, x86_64
- Description:
JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements. Refer to the 6.0.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/knowledge/docs/
This update removes unused signed JARs; unused SHA1 checksums from JAR MANIFEST.MF files to reduce the Server memory footprint; adds MANIFEST.MF to JAR files where it was previously missing; and removes redundant Javadoc files from the main packages. (BZ#830291)
Security fixes:
Apache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. (CVE-2012-2379)
When using role-based authorization to configure EJB access, JACC permissions should be used to determine access; however, due to a flaw the configured authorization modules (JACC, XACML, etc.) were not called, and the JACC permissions were not used to determine access to an EJB. (CVE-2012-4550)
A flaw in the way Apache CXF enforced child policies of WS-SecurityPolicy 1.1 on the client side could, in certain cases, lead to a client failing to sign or encrypt certain elements as directed by the security policy, leading to information disclosure and insecure information transmission. (CVE-2012-2378)
A flaw was found in the way IronJacamar authenticated credentials and returned a valid datasource connection when configured to "allow-multiple-users". A remote attacker, provided the correct subject, could obtain a datasource connection that might belong to a privileged user. (CVE-2012-3428)
It was found that Apache CXF was vulnerable to SOAPAction spoofing attacks under certain conditions. Note that WS-Policy validation is performed against the operation being invoked, and an attack must pass validation to be successful. (CVE-2012-3451)
When there are no allowed roles for an EJB method invocation, the invocation should be denied for all users. It was found that the processInvocation() method in org.jboss.as.ejb3.security.AuthorizationInterceptor incorrectly authorizes all method invocations to proceed when the list of allowed roles is empty. (CVE-2012-4549)
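It was found that in Mojarra, the FacesContext that is made available during application startup is held in a ThreadLocal. The reference is not properly cleaned up in all cases. As a result, if a JavaServer Faces (JSF) WAR calls FacesContext.getCurrentInstance() during application startup, another WAR can get access to the leftover context and thus get access to the other WAR's resources. A local attacker could use this flaw to access another WAR's resources using a crafted, deployed application. (CVE-2012-2672, per bug 829560 in the list below.) The identifiers CVE-2008-0455 and CVE-2012-2687, which trail this paragraph in the extracted text, appear to belong to the httpd mod_negotiation cross-site scripting issue (bug 850794 in the list below), whose own description is missing from this excerpt.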
Red Hat would like to thank the Apache CXF project for reporting CVE-2012-2379, CVE-2012-2378, and CVE-2012-3451.
Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation and deployed applications. Refer to the Solution section for further details. The JBoss server process must be restarted for the update to take effect. Also, back up any customized JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. Bugs fixed (http://bugzilla.redhat.com/):
826533 - CVE-2012-2378 jbossws-cxf, apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side 826534 - CVE-2012-2379 jbossws-cxf, apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token 829560 - CVE-2012-2672 Mojarra: deployed web applications can read FacesContext from other applications under certain conditions 843358 - CVE-2012-3428 JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains 850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled 851896 - CVE-2012-3451 jbossws-cxf, apache-cxf: SOAPAction spoofing on document literal web services 870868 - CVE-2012-4549 JBoss AS: EJB authorization succeeds for any role when allowed roles list is empty 870871 - CVE-2012-4550 JBoss JACC: Security constraints configured for EJBs are incorrectly interpreted and not applied
6
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201208-0141", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ucosminexus application server enterprise 06-70-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/c", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { 
"model": "ucosminexus application server enterprise 06-70-/c", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/a", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "02-03" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "ucosminexus application server standard 06-70-/a", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/f", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "ucosminexus application server standard 06-70-/f", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "07-10" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.13" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.11" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.14" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.8" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.20" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.18" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.4" }, { "model": "http server", "scope": 
"eq", "trust": 1.6, "vendor": "apache", "version": "2.2.9" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.10" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.2.3" }, { "model": "ucosminexus application server enterprise 06-70-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-70-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/g", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "web server 02-04-/a", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "ucosminexus application server enterprise 06-70-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "02-01" }, { "model": "cosminexus application server 05-05-/g", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": 
"08-00" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-12" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus application server 05-05-/a", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/c", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/i", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/d", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "cosminexus application server 05-05-/h", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00" }, { "model": "web server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "02-02" }, { "model": "ucosminexus application server enterprise 06-70-/g", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/f", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "cosminexus application 
server 05-05-/b", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/e", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.6" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.1" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.15" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.12" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.22" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.4.1" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.4.0" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.4.2" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.23" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.17" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.21" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.19" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.2" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.16" }, { "model": "web server 01-02-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": 
"hitachi", "version": "07-50" }, { "model": "ucosminexus application server enterprise 06-71-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-10-01" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "web server 01-02-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-01" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-01" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50-01" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-10-06" }, { "model": "cosminexus application server 05-05-/m", "scope": null, "trust": 0.9, "vendor": 
"hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-71-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "05-00" }, { "model": "web server 01-02-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50-01" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": 
"hitachi", "version": null }, { "model": "interstage web server express", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "csview", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/web questionnaire all versions" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.4.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v8.5" }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.5" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.5" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v8.5" }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "http server", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "2.4.x" }, { "model": "csview", "scope": "eq", "trust": 0.8, 
"vendor": "nec", "version": "/faq navigator all versions" }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v8.5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart" }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.4" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.8 to v10.8.4" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus 
application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "http server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.5" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "ucosminexus application server enterprise 06-71-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/j", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 
0.6, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-01" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-00" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-01" }, { "model": "web server linux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "04-00" }, { "model": "cosminexus application server 05-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server 06-71-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/b )", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server 05-05-/o", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "ucosminexus application server standard 06-72-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "cosminexus application server 05-00-/c", "scope": 
null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "ucosminexus application server enterprise 06-70-/n", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "web server linux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "03-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-53" }, { "model": "web server 02-04-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus application server 05-05-/k", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server 06-70-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-71-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-08" }, { "model": "cosminexus application server 05-00-/a", "scope": null, 
"trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "ucosminexus application server standard 06-71-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-71-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server enterprise 06-71-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server 05-05-/l", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-53" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus application server 06-70-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": 
"web server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-04" }, { "model": "web server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "01-02" }, { "model": "ucosminexus application server standard 06-72-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "03-00" }, { "model": "ucosminexus application server standard 06-70-/n", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-72-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.2" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "cosminexus application server 05-00-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "ucosminexus application server standard version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "cosminexus application server 05-02-/e", "scope": null, "trust": 0.3, 
"vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "ucosminexus application server enterprise 06-72-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.10" }, { "model": "ucosminexus application server express (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20(x6)" }, { "model": "web server aix", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "ucosminexus application server enterprise 06-72-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": 
"hp", "version": "2.32" }, { "model": "ucosminexus application server enterprise version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "ucosminexus application server enterprise 06-70-/a linux )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "505-05" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0" }, { "model": "ucosminexus application server standard (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.15" }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-01" }, { "model": "ucosminexus application server enterprise 06-70-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "web server solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-01" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72(*1)" }, { "model": "interstage studio enterprise edition", "scope": 
"eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "ucosminexus application server enterprise 06-70-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "http server roll up", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2.22" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server 05-00-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "ucosminexus application server standard 06-70-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "cosminexus application server 05-01-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server enterprise edition", 
"scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.1" }, { "model": "cosminexus application server 05-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server 05-01-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "ucosminexus application server enterprise 06-70-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-00" }, { "model": "ucosminexus application server enterprise 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server version 05-00-/q", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "ucosminexus application server standard 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2.0" }, { "model": "cosminexus application server version 05-05-/l", "scope": "eq", "trust": 0.3, 
"vendor": "hitachi", "version": "5" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus application server version 05-05-/k", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus application server standard 06-70-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.6.0" }, { "model": "cosminexus application server 05-01-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-72-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "ucosminexus application server standard 06-70-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "11.1.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "web server 
hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-05" }, { "model": "os/400 v6r1m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.4" }, { "model": "ucosminexus application server 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "505-00" }, { "model": "ucosminexus application server enterprise 06-72-/g )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "11.0.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "ucosminexus client 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-02" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-12" }, { "model": "ucosminexus application server )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "web server )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-03" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "linux lts sparc", "scope": 
"eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.13" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.3" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "interstage application server standard-j edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "ucosminexus client 06-71-/h", "scope": null, "trust": 0.3, 
"vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise hp-ux )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "web server 02-04-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.7" }, { "model": "cosminexus application server 05-01-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11" }, { "model": "ucosminexus application server enterprise hp-ux )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-05" }, { "model": 
"http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "ucosminexus application server 06-70-/d (windows", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "11.0.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "ucosminexus application server enterpris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.33" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.5" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10-09" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "interstage application server enterprise edition l10a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "cosminexus application server 05-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.4.3" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "ip office 
server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "ucosminexus application server standard 06-70-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "ucosminexus application server enterprise 06-71-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus application server enterprise 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server enterprise edition l11", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "ucosminexus service platform hp-ux", "scope": "eq", "trust": 
0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-04" }, { "model": "freeflow print server 73.c5.11", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "cosminexus application server 05-00-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.17" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "cosminexus application server 05-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.22" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "ucosminexus application server enterprise 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.1" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "ucosminexus application server standard 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", 
"trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "ucosminexus application server enterprise hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus client 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-06" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "ucosminexus application server standard 06-71-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.4" }, { "model": "ucosminexus application server enterprise 06-70-/g )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": 
"07-00-03" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.2" }, { "model": "ucosminexus application server light (windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00(x64)" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-10" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2.2" }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-05" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "cosminexus client 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.2.3" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": 
"07-50" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.3.1" }, { "model": "ucosminexus application server enterprise 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "web server )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-04" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "ucosminexus application server 06-71-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus application server standard 06-72-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server enterprise edition l10", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "web server 01-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "cosminexus application server 05-01-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2.1" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10-10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.3" }, { "model": "ucosminexus application server standard 
06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus client 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "cosminexus application server 05-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server standard 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server express (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "cosminexus application server 05-01-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-060" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0.0" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { 
"model": "cosminexus application server 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterpris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-10" }, { "model": "cosminexus application server 05-01-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "ucosminexus application server standard 06-70-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "cosminexus application server 05-00-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server enterprise 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.18" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "11.1.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", 
"version": "x10.6.8" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "cosminexus application server 05-00-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.5" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.21" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.31" }, { "model": "jboss enterprise application platform", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "6.0.1" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-08" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform aix", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00(64)" }, { "model": "cosminexus application server 05-05-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "web server aix", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": 
"ucosminexus application server standard 06-72-/g )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "interstage application server enterprise edition l10b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "cosminexus application server 05-00-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "web server 02-04-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "ucosminexus client 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "web server solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "8" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-01" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus service platform windows", "scope": 
"eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00(x64)" }, { "model": "cosminexus application server 05-00-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform linux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00(x64)" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "10" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72(*1)" }, { "model": "interstage business application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.12" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "ucosminexus application server 06-70-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-72-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0.2" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus 
application server enterprise (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.7" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "cosminexus application server 05-00-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server version 05-00-/r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "ucosminexus application server standard 06-70-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.14" }, { "model": "cosminexus client 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage studio standard-j edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1.0" } ], "sources": [ { "db": "BID", "id": "55131" }, { "db": "JVNDB", "id": "JVNDB-2012-003837" }, { "db": "CNNVD", "id": "CNNVD-201208-378" }, { "db": "NVD", "id": "CVE-2012-2687" } ] }, "configurations": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:csview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_portal", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "vulnerable": 
true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server_express", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-003837" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rainer Jung and Niels Heinen", "sources": [ { "db": "BID", "id": "55131" }, { "db": "CNNVD", "id": "CNNVD-201208-378" } ], "trust": 0.9 }, "cve": "CVE-2012-2687", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CVE-2012-2687", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.1, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "VENDOR", "availabilityImpact": "None", "baseScore": 2.6, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2012-003837", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-2687", "trust": 1.0, "value": "LOW" }, { "author": "VENDOR", "id": "JVNDB-2012-003837", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-201208-378", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2012-2687", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-2687" }, { "db": "JVNDB", "id": "JVNDB-2012-003837" }, { "db": "CNNVD", 
"id": "CNNVD-201208-378" }, { "db": "NVD", "id": "CVE-2012-2687" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. Apache HTTP Server is prone to an HTML-injection vulnerability and an information disclosure vulnerability. \nAttackers may leverage these issues to obtain potentially sensitive session information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. (CVE-2008-0455, CVE-2012-2687)\n\nIt was discovered that mod_proxy_ajp, when used in configurations with\nmod_proxy in load balancer mode, would mark a back-end server as failed\nwhen request processing timed out, even when a previous AJP (Apache JServ\nProtocol) CPing request was responded to by the back-end. A remote\nattacker able to make a back-end use an excessive amount of time to\nprocess a request could cause mod_proxy to not send requests to back-end\nAJP servers for the retry timeout period or until all back-end servers\nwere marked as failed. \nSpace precludes documenting all of these changes in this advisory. 
\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in apache\n (ASF HTTPD):\n \n Insecure handling of LD_LIBRARY_PATH was found that could lead to\n the current working directory to be searched for DSOs. This could\n allow a local user to execute code as root if an administrator runs\n apachectl from an untrusted directory (CVE-2012-0883). \n \n Possible XSS for sites which use mod_negotiation and allow untrusted\n uploads to locations which have MultiViews enabled (CVE-2012-2687). \n\n Update:\n\n Packages for Mandriva Linux 2011 is also being provided. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFQaa9/mqjQ0CJFipgRAhruAJ9EC4FWiuzvbIXRyxeJEa6ifXWfngCfdzew\n7eKtlYj6mMOMjJJ0oekKwnQ=\n=t10D\n-----END PGP SIGNATURE-----\n\n\n. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. 
\nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Multiple Products Apache HTTP Server Cross-Site Scripting\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51458\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51458/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51458\n\nRELEASE DATE:\n2012-11-30\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51458/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51458/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51458\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged some vulnerabilities in multiple Hitachi\nproducts, which can be exploited by malicious people to conduct\ncross-site scripting attacks. \n\nFor more information see vulnerability #2 in:\nSA50363\n\nSee the vendor\u0027s advisory for a list of affected products and\nversions. \n\nSOLUTION:\nAs a workaround the vendor recommends to disable the mod_negotiation\nmodule or remove \"MultiViews\" from the \"Options\" lines in the\nDirectory specifications. 
\n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS12-028/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: httpd security, bug fix, and enhancement update\nAdvisory ID: RHSA-2013:0130-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-0130.html\nIssue date: 2013-01-08\nCVE Names: CVE-2008-0455 CVE-2008-0456 CVE-2012-2687 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd packages that fix multiple security issues, various bugs,\nand add enhancements are now available for Red Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. Description:\n\nThe httpd packages contain the Apache HTTP Server (httpd), which is the\nnamesake project of The Apache Software Foundation. \n\nInput sanitization flaws were found in the mod_negotiation module. A remote\nattacker able to upload or create files with arbitrary names in a directory\nthat has the MultiViews options enabled, could use these flaws to conduct\ncross-site scripting and HTTP response splitting attacks against users\nvisiting the site. (CVE-2008-0455, CVE-2008-0456, CVE-2012-2687)\n\nBug fixes:\n\n* Previously, no check was made to see if the\n/etc/pki/tls/private/localhost.key file was a valid key prior to running\nthe \"%post\" script for the \"mod_ssl\" package. 
Consequently, when\n/etc/pki/tls/certs/localhost.crt did not exist and \"localhost.key\" was\npresent but invalid, upgrading the Apache HTTP Server daemon (httpd) with\nmod_ssl failed. The \"%post\" script has been fixed to test for an existing\nSSL key. As a result, upgrading httpd with mod_ssl now proceeds as\nexpected. (BZ#752618)\n\n* The \"mod_ssl\" module did not support operation under FIPS mode. \nConsequently, when operating Red Hat Enterprise Linux 5 with FIPS mode\nenabled, httpd failed to start. An upstream patch has been applied to\ndisable non-FIPS functionality if operating under FIPS mode and httpd now\nstarts as expected. (BZ#773473)\n\n* Prior to this update, httpd exit status codes were not Linux Standard\nBase (LSB) compliant. When the command \"service httpd reload\" was run and\nhttpd failed, the exit status code returned was \"0\" and not in the range 1\nto 6 as expected. A patch has been applied to the init script and httpd now\nreturns \"1\" as an exit status code. (BZ#783242)\n\n* Chunked Transfer Coding is described in RFC 2616. Previously, the\nApache server did not correctly handle a chunked encoded POST request with\na \"chunk-size\" or \"chunk-extension\" value of 32 bytes or more. \nConsequently, when such a POST request was made the server did not respond. \nAn upstream patch has been applied and the problem no longer occurs. \n(BZ#840845)\n\n* Due to a regression, when mod_cache received a non-cacheable 304\nresponse, the headers were served incorrectly. Consequently, compressed\ndata could be returned to the client without the cached headers to indicate\nthe data was compressed. An upstream patch has been applied to merge\nresponse and cached headers before data from the cache is served to the\nclient. As a result, cached data is now correctly interpreted by the\nclient. (BZ#845532)\n\n* In a proxy configuration, certain response-line strings were not handled\ncorrectly. 
If a response-line without a \"description\" string was received\nfrom the origin server, for a non-standard status code, such as the \"450\"\nstatus code, a \"500 Internal Server Error\" would be returned to the client. \nThis bug has been fixed so that the original response line is returned to\nthe client. (BZ#853128)\n\nEnhancements:\n\n* The configuration directive \"LDAPReferrals\" is now supported in addition\nto the previously introduced \"LDAPChaseReferrals\". (BZ#727342)\n\n* The AJP support module for \"mod_proxy\", \"mod_proxy_ajp\", now supports the\n\"ProxyErrorOverride\" directive. Consequently, it is now possible to\nconfigure customized error pages for web applications running on a backend\nserver accessed via AJP. (BZ#767890)\n\n* The \"%posttrans\" scriptlet which automatically restarts the httpd service\nafter a package upgrade can now be disabled. If the file\n/etc/sysconfig/httpd-disable-posttrans exists, the scriptlet will not\nrestart the daemon. (BZ#833042)\n\n* The output of \"httpd -S\" now includes configured alias names for each\nvirtual host. (BZ#833043)\n\n* New certificate variable names are now exposed by \"mod_ssl\" using the\n\"_DN_userID\" suffix, such as \"SSL_CLIENT_S_DN_userID\", which use the\ncommonly used object identifier (OID) definition of \"userID\", OID\n0.9.2342.19200300.100.1.1. (BZ#840036)\n\nAll users of httpd are advised to upgrade to these updated packages, which\nfix these issues and add these enhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. 
Bugs fixed (http://bugzilla.redhat.com/):\n\n727342 - LDAPChaseReferrals should be LDAPReferrals\n752618 - mod_ssl post install script can cause failures\n767890 - The mod_proxy_ajp lacks the ErrorOverride\n773473 - [RHEL 5.7] Apache HTTP Server cannot start with mod_ssl when FIPS 140-2 mode enabled\n783242 - service httpd reload return 0 when it fails\n840845 - httpd fails in processing chunked requests with \u003e 31 bytes chunk-size / -extension line\n845532 - mod_cache regression in httpd 2.2.3-65: non-cacheable 304 responses serve bad data\n850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled\n879292 - CVE-2008-0456 httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm\n\ni386:\nhttpd-2.2.3-74.el5.i386.rpm\nhttpd-debuginfo-2.2.3-74.el5.i386.rpm\nmod_ssl-2.2.3-74.el5.i386.rpm\n\nx86_64:\nhttpd-2.2.3-74.el5.x86_64.rpm\nhttpd-debuginfo-2.2.3-74.el5.x86_64.rpm\nmod_ssl-2.2.3-74.el5.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm\n\ni386:\nhttpd-debuginfo-2.2.3-74.el5.i386.rpm\nhttpd-devel-2.2.3-74.el5.i386.rpm\nhttpd-manual-2.2.3-74.el5.i386.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.3-74.el5.i386.rpm\nhttpd-debuginfo-2.2.3-74.el5.x86_64.rpm\nhttpd-devel-2.2.3-74.el5.i386.rpm\nhttpd-devel-2.2.3-74.el5.x86_64.rpm\nhttpd-manual-2.2.3-74.el5.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 
5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm\n\ni386:\nhttpd-2.2.3-74.el5.i386.rpm\nhttpd-debuginfo-2.2.3-74.el5.i386.rpm\nhttpd-devel-2.2.3-74.el5.i386.rpm\nhttpd-manual-2.2.3-74.el5.i386.rpm\nmod_ssl-2.2.3-74.el5.i386.rpm\n\nia64:\nhttpd-2.2.3-74.el5.ia64.rpm\nhttpd-debuginfo-2.2.3-74.el5.ia64.rpm\nhttpd-devel-2.2.3-74.el5.ia64.rpm\nhttpd-manual-2.2.3-74.el5.ia64.rpm\nmod_ssl-2.2.3-74.el5.ia64.rpm\n\nppc:\nhttpd-2.2.3-74.el5.ppc.rpm\nhttpd-debuginfo-2.2.3-74.el5.ppc.rpm\nhttpd-debuginfo-2.2.3-74.el5.ppc64.rpm\nhttpd-devel-2.2.3-74.el5.ppc.rpm\nhttpd-devel-2.2.3-74.el5.ppc64.rpm\nhttpd-manual-2.2.3-74.el5.ppc.rpm\nmod_ssl-2.2.3-74.el5.ppc.rpm\n\ns390x:\nhttpd-2.2.3-74.el5.s390x.rpm\nhttpd-debuginfo-2.2.3-74.el5.s390.rpm\nhttpd-debuginfo-2.2.3-74.el5.s390x.rpm\nhttpd-devel-2.2.3-74.el5.s390.rpm\nhttpd-devel-2.2.3-74.el5.s390x.rpm\nhttpd-manual-2.2.3-74.el5.s390x.rpm\nmod_ssl-2.2.3-74.el5.s390x.rpm\n\nx86_64:\nhttpd-2.2.3-74.el5.x86_64.rpm\nhttpd-debuginfo-2.2.3-74.el5.i386.rpm\nhttpd-debuginfo-2.2.3-74.el5.x86_64.rpm\nhttpd-devel-2.2.3-74.el5.i386.rpm\nhttpd-devel-2.2.3-74.el5.x86_64.rpm\nhttpd-manual-2.2.3-74.el5.x86_64.rpm\nmod_ssl-2.2.3-74.el5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2008-0455.html\nhttps://www.redhat.com/security/data/cve/CVE-2008-0456.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-2687.html\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQ68TMXlSAg2UNWIIRApH8AJ9lf6CJcLnIK7D9siL6M2/OxR1argCeO7mh\n/xD6DzmFPZw8MhY2CC19xag=\n=mexo\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update\n2013-004\n\nOS X Mountain Lion v10.8.5 and Security Update 2013-004 is now\navailable and addresses the following:\n\nApache\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache, the most\nserious of which may lead to cross-site scripting. These issues were\naddressed by updating Apache to version 2.2.24. \nCVE-ID\nCVE-2012-0883\nCVE-2012-2687\nCVE-2012-3499\nCVE-2012-4558\n\nBind\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Multiple vulnerabilities in BIND\nDescription: Multiple vulnerabilities existed in BIND, the most\nserious of which may lead to a denial of service. These issues were\naddressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not\naffect Mac OS X v10.7 systems. \nCVE-ID\nCVE-2012-3817\nCVE-2012-4244\nCVE-2012-5166\nCVE-2012-5688\nCVE-2013-2266\n\nCertificate Trust Policy\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Root certificates have been updated\nDescription: Several certificates were added to or removed from the\nlist of system roots. The complete list of recognized system roots\nmay be viewed via the Keychain Access application. 
\n\nClamAV\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5\nImpact: Multiple vulnerabilities in ClamAV\nDescription: Multiple vulnerabilities exist in ClamAV, the most\nserious of which may lead to arbitrary code execution. This update\naddresses the issues by updating ClamAV to version 0.97.8. \nCVE-ID\nCVE-2013-2020\nCVE-2013-2021\n\nCoreGraphics\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JBIG2\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1025 : Felix Groebert of the Google Security Team\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG2000\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1026 : Felix Groebert of the Google Security Team\n\nInstaller\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Packages could be opened after certificate revocation\nDescription: When Installer encountered a revoked certificate, it\nwould present a dialog with an option to continue. The issue was\naddressed by removing the dialog and refusing any revoked package. 
\nCVE-ID\nCVE-2013-1027\n\nIPSec\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: An attacker may intercept data protected with IPSec Hybrid\nAuth\nDescription: The DNS name of an IPSec Hybrid Auth server was not\nbeing matched against the certificate, allowing an attacker with a\ncertificate for any server to impersonate any other. This issue was\naddressed by properly checking the certificate. \nCVE-ID\nCVE-2013-1028 : Alexander Traud of www.traud.de\n\nKernel\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\nImpact: A local network user may cause a denial of service\nDescription: An incorrect check in the IGMP packet parsing code in\nthe kernel allowed a user who could send IGMP packets to the system\nto cause a kernel panic. The issue was addressed by removing the\ncheck. \nCVE-ID\nCVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC. \n\nMobile Device Management\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Passwords may be disclosed to other local users\nDescription: A password was passed on the command-line to mdmclient,\nwhich made it visible to other users on the same system. The issue\nwas addressed by communicating the password through a pipe. \nCVE-ID\nCVE-2013-1030 : Per Olofsson at the University of Gothenburg\n\nOpenSSL\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL, the most\nserious of which may lead to disclosure of user data. These issues\nwere addressed by updating OpenSSL to version 0.9.8y. 
\nCVE-ID\nCVE-2012-2686\nCVE-2013-0166\nCVE-2013-0169\n\nPHP\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP, the most\nserious of which may lead to arbitrary code execution. These issues\nwere addressed by updating PHP to version 5.3.26. \nCVE-ID\nCVE-2013-1635\nCVE-2013-1643\nCVE-2013-1824\nCVE-2013-2110\n\nPostgreSQL\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Multiple vulnerabilities in PostgreSQL\nDescription: Multiple vulnerabilities exist in PostgreSQL, the most\nserious of which may lead to data corruption or privilege escalation. \nThis update addresses the issues by updating PostgreSQL to version\n9.0.13. \nCVE-ID\nCVE-2013-1899\nCVE-2013-1900\nCVE-2013-1901\nCVE-2013-1902\nCVE-2013-1903\n\nPower Management\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\nImpact: The screen saver may not start after the specified time\nperiod\nDescription: A power assertion lock issue existed. This issue was\naddressed through improved lock handling. \nCVE-ID\nCVE-2013-1031\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n\u0027idsc\u0027 atoms in QuickTime movie files. This issue was addressed\nthrough additional bounds checking. 
\nCVE-ID\nCVE-2013-1032 : Jason Kratzer working with iDefense VCP\n\nScreen Lock\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\nImpact: A user with screen sharing access may be able to bypass the\nscreen lock when another user is logged in\nDescription: A session management issue existed in the screen lock\u0027s\nhandling of screen sharing sessions. This issue was addressed through\nimproved session tracking. \nCVE-ID\nCVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq\n\nNote: OS X Mountain Lion v10.8.5 also addresses an issue where\ncertain Unicode strings could cause applications to unexpectedly\nterminate. \n\n\nOS X Mountain Lion v10.8.5 and Security Update 2013-004 may be\nobtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.5, or Security Update\n2013-004. 
\n\nFor OS X Mountain Lion v10.8.4\nThe download file is named: OSXUpd10.8.5.dmg\nIts SHA-1 digest is: a74ab6d9501778437e7afba0bbed47b776a52b11\n\nFor OS X Mountain Lion v10.8 and v10.8.3\nThe download file is named: OSXUpdCombo10.8.5.dmg\nIts SHA-1 digest is: cb798ac9b97ceb2d8875af040ce4ff06187d61f2\n\nFor OS X Lion v10.7.5\nThe download file is named: SecUpd2013-004.dmg\nIts SHA-1 digest is: dbc50fce7070f83b93b866a21b8f5c6e65007fa0\n\nFor OS X Lion Server v10.7.5\nThe download file is named: SecUpdSrvr2013-004.dmg\nIts SHA-1 digest is: 44a77edbd37732b865bc21a9aac443a3cdc47355\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2013-004.dmg\nIts SHA-1 digest is: d07d5142a2549270f0d2eaddb262b41bb5c16b61\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2013-004.dmg\nIts SHA-1 digest is: 8f9abe93f7f9427cf86b89bd67df948a85537dbc\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - 
http://gpgtools.org\n\niQIcBAEBAgAGBQJSMiPGAAoJEPefwLHPlZEw9qMP/17D4Q8velZ3H4AumPzHqqB4\nQxPcuv8PXzhi55epUm2bzNfXR9A5L9KvzEsmggqxO2/ESO0zfeKgAmXXjCI3z5Qc\n+WkHgqowjwXU9cbjyDkhwb/ylXml+vCSIv2m9eXXNRTRi0rm9ZLSI/JMSRfLMojQ\nbZbzQSoSpuGaOeOOWESKCf9zBXFG6DBGo0wg3z8Bkywjtp/7bfddPAFHxIdhjDDN\n1IgmhPRnP6NEdNSfR6RwF94M+hyiJ2I2DIDZTIo+6B4Ne90bEYdBiQmSxwKFAyc3\nH9VFfB8XmrtA2k4DhE6Ow2jD/Y//QKz6TbyZNSQawXxuPsj43v6/T6BsWdfddGbQ\nhDGU85e7z7a4gmIPuS3DjMhSEyAixL/B3vKYBaZltH6JBCcPuLvGrU7nAiJa7KGQ\n8MToOyv42TSj95drFzysk5fcO0MIUH5xiGlaU+ScEdBSpIpHDfpjeJYPqxHeGFaa\nV2xCGw1vMYbMoxNzRL0FPPdUxJkyBHvuzZXh6c6fATuQIPCtwejpPrYEo7x7RRpl\nytsVLe3V27j7IfWb62nI+mNVfH5m+YgK4SGK5DSq8Nm1Lk0w4HXmTtrhOCogsJ2I\nyoqeg/XakiSdxZxhSa9/ZZsMB+D1B8siNzCj0+U0k4zYjxEA0GdSu/dYRVT62oIn\nvBrJ5gm+nnyRe2TUMAwz\n=h9hc\n-----END PGP SIGNATURE-----\n. Relevant releases/architectures:\n\nJBoss Enterprise Application Platform 6 for RHEL 6 Server - i386, noarch, x86_64\n\n3. Description:\n\nJBoss Enterprise Application Platform 6 is a platform for Java applications\nbased on JBoss Application Server 7. \n\nThis release serves as a replacement for JBoss Enterprise Application\nPlatform 6.0.0, and includes bug fixes and enhancements. Refer to the 6.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nThis update removes unused signed JARs; unused SHA1 checksums from JAR\nMANIFEST.MF files to reduce the Server memory footprint; adds MANIFEST.MF\nto JAR files where it was previously missing; and removes redundant Javadoc\nfiles from the main packages. (BZ#830291)\n\nSecurity fixes:\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. 
(CVE-2012-2379)\n\nWhen using role-based authorization to configure EJB access, JACC\npermissions should be used to determine access; however, due to a flaw the\nconfigured authorization modules (JACC, XACML, etc.) were not called, and\nthe JACC permissions were not used to determine access to an EJB. \n(CVE-2012-4550)\n\nA flaw in the way Apache CXF enforced child policies of WS-SecurityPolicy\n1.1 on the client side could, in certain cases, lead to a client failing to\nsign or encrypt certain elements as directed by the security policy,\nleading to information disclosure and insecure information transmission. \n(CVE-2012-2378)\n\nA flaw was found in the way IronJacamar authenticated credentials and\nreturned a valid datasource connection when configured to\n\"allow-multiple-users\". A remote attacker, provided the correct subject,\ncould obtain a datasource connection that might belong to a privileged\nuser. (CVE-2012-3428)\n\nIt was found that Apache CXF was vulnerable to SOAPAction spoofing attacks\nunder certain conditions. Note that WS-Policy validation is performed\nagainst the operation being invoked, and an attack must pass validation to\nbe successful. (CVE-2012-3451)\n\nWhen there are no allowed roles for an EJB method invocation, the\ninvocation should be denied for all users. It was found that the\nprocessInvocation() method in\norg.jboss.as.ejb3.security.AuthorizationInterceptor incorrectly authorizes\nall method invocations to proceed when the list of allowed roles is empty. \n(CVE-2012-4549)\n\nIt was found that in Mojarra, the FacesContext that is made available\nduring application startup is held in a ThreadLocal. The reference is not\nproperly cleaned up in all cases. As a result, if a JavaServer Faces (JSF)\nWAR calls FacesContext.getCurrentInstance() during application startup,\nanother WAR can get access to the leftover context and thus get access to\nthe other WAR\u0027s resources. 
A local attacker could use this flaw to access\nanother WAR\u0027s resources using a crafted, deployed application. (CVE-2012-2672)\n\nThis update also addresses the httpd mod_negotiation XSS via untrusted file names\nin directories with MultiViews enabled. (CVE-2008-0455, CVE-2012-2687)\n\nRed Hat would like to thank the Apache CXF project for reporting\nCVE-2012-2379, CVE-2012-2378, and CVE-2012-3451. \n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed applications. \nRefer to the Solution section for further details. The\nJBoss server process must be restarted for the update to take effect. Also, back up any customized\nJBoss Enterprise Application Platform 6 configuration files. On update, the\nconfiguration files that have been locally modified will not be updated. \nThe updated version of such files will be stored as the rpmnew files. Make\nsure to locate any such files after the update and merge any changes\nmanually. Bugs fixed (http://bugzilla.redhat.com/):\n\n826533 - CVE-2012-2378 jbossws-cxf, apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side\n826534 - CVE-2012-2379 jbossws-cxf, apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token\n829560 - CVE-2012-2672 Mojarra: deployed web applications can read FacesContext from other applications under certain conditions\n843358 - CVE-2012-3428 JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains\n850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled\n851896 - CVE-2012-3451 jbossws-cxf, apache-cxf: SOAPAction spoofing on document literal web services\n870868 - CVE-2012-4549 JBoss AS: EJB authorization succeeds for any role when allowed roles list is empty\n870871 - CVE-2012-4550 JBoss JACC: Security constraints configured for EJBs are incorrectly interpreted and not applied\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2012-2687" 
}, { "db": "JVNDB", "id": "JVNDB-2012-003837" }, { "db": "BID", "id": "55131" }, { "db": "VULMON", "id": "CVE-2012-2687" }, { "db": "PACKETSTORM", "id": "120438" }, { "db": "PACKETSTORM", "id": "117037" }, { "db": "PACKETSTORM", "id": "118513" }, { "db": "PACKETSTORM", "id": "119316" }, { "db": "PACKETSTORM", "id": "116986" }, { "db": "PACKETSTORM", "id": "123228" }, { "db": "PACKETSTORM", "id": "118913" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-2687", "trust": 3.4 }, { "db": "BID", "id": "55131", "trust": 2.0 }, { "db": "SECUNIA", "id": "50894", "trust": 1.7 }, { "db": "SECUNIA", "id": "51607", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2012-003837", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201208-378", "trust": 0.6 }, { "db": "HITACHI", "id": "HS12-028", "trust": 0.4 }, { "db": "SECUNIA", "id": "51458", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2012-2687", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "120438", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "117037", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "118513", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "119316", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116986", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123228", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "118913", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-2687" }, { "db": "BID", "id": "55131" }, { "db": "JVNDB", "id": "JVNDB-2012-003837" }, { "db": "PACKETSTORM", "id": "120438" }, { "db": "PACKETSTORM", "id": "117037" }, { "db": "PACKETSTORM", "id": "118513" }, { "db": "PACKETSTORM", "id": "119316" }, { "db": "PACKETSTORM", "id": "116986" }, { "db": "PACKETSTORM", "id": "123228" }, { "db": "PACKETSTORM", "id": "118913" }, { "db": "CNNVD", "id": "CNNVD-201208-378" 
}, { "db": "NVD", "id": "CVE-2012-2687" } ] }, "id": "VAR-201208-0141", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1915078275 }, "last_update_date": "2024-11-28T21:48:22.836000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 2.4.3", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.3" }, { "title": "APPLE-SA-2013-09-12-1", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "title": "HT5880", "trust": 0.8, "url": "http://support.apple.com/kb/HT5880" }, { "title": "HT5880", "trust": 0.8, "url": "http://support.apple.com/kb/HT5880?viewlocale=ja_JP" }, { "title": "Apache 2.4.3", "trust": 0.8, "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.3" }, { "title": "HS12-028", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-028/index.html" }, { "title": "SE53614", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f" }, { "title": "Apache HTTP Server 2.4.3 Released", "trust": 0.8, "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30@apache.org%3E" }, { "title": "NV14-007", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv14-007.html" }, { "title": "openSUSE-SU-2013:0243", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html" }, { "title": "openSUSE-SU-2013:0245", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html" }, { 
"title": "openSUSE-SU-2013:0248", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html" }, { "title": "RHSA-2013:0130", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-0130.html" }, { "title": "RHSA-2012:1594", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html" }, { "title": "RHSA-2012:1592", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html" }, { "title": "RHSA-2012:1591", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html" }, { "title": "July 2013 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2013_critical_patch_update" }, { "title": "Multiple vulnerabilities in Apache HTTP server (Jan 29, 2013)", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http2" }, { "title": "Multiple vulnerabilities in Apache HTTP Server (Jul 16, 2013)", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http3" }, { "title": "USN-1627-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/USN-1627-1/" }, { "title": "XRX13-003", "trust": 0.8, "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "title": "HS12-028", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-028/index.html" }, { "title": "Interstage HTTP Server (CVE-2011-3607/ CVE-2012-3499/ CVE-2012-2687/ CVE-2013-1862)", "trust": 0.8, "url": 
"http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201303.html" }, { "title": "httpd-2.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44210" }, { "title": "httpd-2.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44209" }, { "title": "Red Hat: Low: httpd security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20130130 - Security Advisory" }, { "title": "Red Hat: Low: httpd security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20130512 - Security Advisory" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1627-1" }, { "title": "Red Hat: Important: JBoss Enterprise Application Platform 6.0.1 update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121591 - Security Advisory" }, { "title": "Red Hat: Important: JBoss Enterprise Application Platform 6.0.1 update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121592 - Security Advisory" }, { "title": "Red Hat: Important: JBoss Enterprise Application Platform 6.0.1 update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121594 - Security Advisory" }, { "title": "Pentest-Cheetsheet", "trust": 0.1, "url": "https://github.com/MrFrozenPepe/Pentest-Cheetsheet " }, { "title": "ReconScan", "trust": 0.1, "url": "https://github.com/RoliSoft/ReconScan " }, { "title": "ReconScan", "trust": 0.1, "url": "https://github.com/GiJ03/ReconScan " }, { "title": "test", "trust": 0.1, "url": "https://github.com/issdp/test " }, { "title": "ReconScan", "trust": 0.1, "url": 
"https://github.com/kira1111/ReconScan " }, { "title": "DC-1-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough " }, { "title": "", "trust": 0.1, "url": "https://github.com/SecureAxom/strike " } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-2687" }, { "db": "JVNDB", "id": "JVNDB-2012-003837" }, { "db": "CNNVD", "id": "CNNVD-201208-378" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-003837" }, { "db": "NVD", "id": "CVE-2012-2687" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-1592.html" }, { "trust": 2.0, "url": "http://rhn.redhat.com/errata/rhsa-2012-1591.html" }, { "trust": 2.0, "url": "http://rhn.redhat.com/errata/rhsa-2012-1594.html" }, { "trust": 2.0, "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "trust": 2.0, "url": "http://support.apple.com/kb/ht5880" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2013-0130.html" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-1627-1" }, { "trust": 1.7, "url": "http://secunia.com/advisories/51607" }, { "trust": 1.7, "url": 
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/55131" }, { "trust": 1.7, "url": "http://secunia.com/advisories/50894" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00002.html" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19539" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18832" }, { "trust": 1.4, "url": "http://www.apache.org/dist/httpd/changes_2.4.3" }, { "trust": 1.1, "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2687" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3c0bffea9b-801b-4baa-9534-56f640268e30%40apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2687" }, { "trust": 0.7, "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3c0bffea9b-801b-4baa-9534-56f640268e30@apache.org%3e" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2687" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs." }, { "trust": 0.6, "url": "httpd/changes_2.4.3" }, { "trust": 0.6, "url": "http://www.apache.org/dist/" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3ccvs." 
}, { "trust": 0.3, "url": "http://www.apache.org/dist/httpd/announcement2.2.html" }, { "trust": 0.3, "url": "http://www.apache.org/dist/httpd/announcement2.4.html" }, { "trust": 0.3, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03734195-1" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http2" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100170251" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-028/index.html" }, { "trust": 0.3, "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.jlu35g..t.ciuo.7ywm.bw89mq%5f%5fcefsfqc0" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1683f-4d960e4b16bb2/cert_xrx13-004_v1.01.pdf" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2008-0455.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2012-2687.html" }, { "trust": 0.3, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0455" }, { "trust": 0.3, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/" }, { "trust": 0.2, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0883" }, { "trust": 0.2, "url": "http://www.apache.org/dist/httpd/changes_2.2.23" }, { "trust": 0.2, "url": 
"http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2013:0130" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1627-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26712" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2013-0512.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4557.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4557" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/docs/en-us/red_hat_enterprise_linux/6/html/6.4_technical_notes/httpd.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51458" }, { "trust": 0.1, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/./vuls/hs12-028/index.html" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": 
"http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/51458/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/blog/325/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/51458/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0456" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2008-0456.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1899" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4558" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1903" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1635" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1025" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1029" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1643" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.traud.de" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1901" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1026" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4244" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2013-1824" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1027" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1031" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1902" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1033" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5166" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1032" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1030" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2686" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1028" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5688" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0166" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4550" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4549.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4550.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-2379.html" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/docs/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-2672.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2378" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3428" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4549" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-2378.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2379" } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-2687" }, { "db": "BID", "id": "55131" }, { "db": "JVNDB", "id": "JVNDB-2012-003837" }, { "db": "PACKETSTORM", "id": "120438" }, { "db": "PACKETSTORM", "id": "117037" }, { "db": "PACKETSTORM", "id": "118513" }, { "db": "PACKETSTORM", "id": "119316" }, { "db": "PACKETSTORM", "id": "116986" }, { "db": "PACKETSTORM", "id": "123228" }, { "db": "PACKETSTORM", "id": "118913" }, { "db": "CNNVD", "id": "CNNVD-201208-378" }, { "db": "NVD", "id": "CVE-2012-2687" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2012-2687" }, { "db": "BID", "id": "55131" }, { "db": "JVNDB", "id": "JVNDB-2012-003837" }, { "db": "PACKETSTORM", "id": "120438" }, { "db": "PACKETSTORM", "id": "117037" }, { "db": "PACKETSTORM", "id": "118513" }, { "db": "PACKETSTORM", "id": "119316" }, { "db": "PACKETSTORM", "id": "116986" }, { "db": "PACKETSTORM", "id": "123228" }, { "db": "PACKETSTORM", "id": "118913" }, { "db": "CNNVD", "id": "CNNVD-201208-378" }, { "db": "NVD", "id": "CVE-2012-2687" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-08-22T00:00:00", "db": "VULMON", "id": "CVE-2012-2687" }, { "date": "2012-08-21T00:00:00", "db": "BID", "id": "55131" }, { "date": "2012-08-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-003837" }, { "date": "2013-02-21T16:26:58", "db": "PACKETSTORM", "id": "120438" }, { "date": "2012-10-02T03:46:41", "db": 
"PACKETSTORM", "id": "117037" }, { "date": "2012-12-02T04:43:56", "db": "PACKETSTORM", "id": "118513" }, { "date": "2013-01-08T16:07:56", "db": "PACKETSTORM", "id": "119316" }, { "date": "2012-09-28T23:55:37", "db": "PACKETSTORM", "id": "116986" }, { "date": "2013-09-13T19:32:22", "db": "PACKETSTORM", "id": "123228" }, { "date": "2012-12-19T05:34:42", "db": "PACKETSTORM", "id": "118913" }, { "date": "2012-08-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201208-378" }, { "date": "2012-08-22T19:55:01.633000", "db": "NVD", "id": "CVE-2012-2687" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-06T00:00:00", "db": "VULMON", "id": "CVE-2012-2687" }, { "date": "2015-04-13T21:14:00", "db": "BID", "id": "55131" }, { "date": "2016-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-003837" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201208-378" }, { "date": "2024-11-21T01:39:26.897000", "db": "NVD", "id": "CVE-2012-2687" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "120438" }, { "db": "PACKETSTORM", "id": "119316" }, { "db": "CNNVD", "id": "CNNVD-201208-378" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of mod_negotiation Module cross-site scripting vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-003837" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { 
"db": "PACKETSTORM", "id": "118513" }, { "db": "CNNVD", "id": "CNNVD-201208-378" } ], "trust": 0.7 } }
var-200806-0101
Vulnerability from variot
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. Very few technical details are currently available. We will update this BID as more information emerges.
Please see the vendor's advisory for a list of affected products and versions.
SOLUTION: Please see the vendor's advisory for workaround details.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200805e.html
About: This advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third-party patches; use only those supplied by the vendor.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200806-0101", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "interstage application server plus", "scope": "eq", "trust": 1.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 1.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", 
"scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v7.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v7.0.1" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v9.0.0" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v9.0.0a" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v8.0.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v7.0.1" }, { "model": "interstage apworks modelers j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v6.0a" }, { "model": "interstage studio enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v9.0.0" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v6.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v7.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v9.0.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v7.0.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v7.0.0" }, { "model": "interstage application server 
enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v9.0.0a" }, { "model": "interstage application server plus", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v7.0" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.0.0" }, { "model": "interstage apworks modelers j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v6.0" }, { "model": "interstage apworks modelers j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v7.0" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v9.0.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.0.0" }, { "model": "interstage studio enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage studio standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v6.0" }, { "model": "interstage application framework suite", "scope": null, "trust": 
0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "windows nt", "scope": null, "trust": 0.6, "vendor": "microsoft", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": 
"eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition 6.0a", 
"scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" } ], "sources": [ { "db": "BID", "id": "29624" }, { "db": "JVNDB", "id": "JVNDB-2008-001576" }, { "db": "CNNVD", "id": "CNNVD-200806-174" }, { "db": "NVD", "id": "CVE-2008-2674" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001576" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fujitsu", "sources": [ { "db": "BID", "id": "29624" }, { "db": "CNNVD", "id": "CNNVD-200806-174" } ], "trust": 0.9 }, "cve": "CVE-2008-2674", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2008-2674", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-2674", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2008-2674", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200806-174", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001576" }, { "db": "CNNVD", "id": "CNNVD-200806-174" }, { "db": "NVD", "id": "CVE-2008-2674" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. \nVery few technical details are currently available. We will update this BID as more information emerges. \n\nPlease see the vendor\u0027s advisory for a list of affected products and\nversions. \n\nSOLUTION:\nPlease see the vendor\u0027s advisory for workaround details. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-200805e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2008-2674" }, { "db": "JVNDB", "id": "JVNDB-2008-001576" }, { "db": "BID", "id": "29624" }, { "db": "PACKETSTORM", "id": "67148" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-2674", "trust": 2.7 }, { "db": "SECUNIA", "id": "30589", "trust": 2.5 }, { "db": "BID", "id": "29624", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2008-001576", "trust": 1.6 }, { "db": "SECTRACK", "id": "1020235", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2008-1771", "trust": 1.6 }, { "db": "BID", "id": "27966", "trust": 0.8 }, { "db": "XF", "id": "42949", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200806-174", "trust": 0.6 
}, { "db": "PACKETSTORM", "id": "67148", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "29624" }, { "db": "JVNDB", "id": "JVNDB-2008-001576" }, { "db": "PACKETSTORM", "id": "67148" }, { "db": "CNNVD", "id": "CNNVD-200806-174" }, { "db": "NVD", "id": "CVE-2008-2674" } ] }, "id": "VAR-200806-0101", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-11-23T22:39:41.026000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "interstage-200805", "trust": 0.8, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200805e.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001576" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2008-2674" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/30589" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200805e.html" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1020235" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/29624" }, { "trust": 1.0, "url": 
"http://www.vupen.com/english/advisories/2008/1771/references" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42949" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2674" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2008/1771" }, { "trust": 0.8, "url": "http://jvndb.jvn.jp/ja/contents/2008/jvndb-2008-001576.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2674" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/27966" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/42949" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/1771/references" }, { "trust": 0.3, "url": "http://www.fujitsu.com/" }, { "trust": 0.1, "url": "http://secunia.com/product/13692/" }, { "trust": 0.1, "url": "http://secunia.com/product/15986/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/13690/" }, { "trust": 0.1, "url": "http://secunia.com/product/13688/" }, { "trust": 0.1, "url": "http://secunia.com/product/13689/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/product/13693/" }, { "trust": 0.1, "url": "http://secunia.com/product/13687/" }, { "trust": 0.1, "url": "http://secunia.com/product/15610/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_specialist/" }, { "trust": 0.1, "url": "http://corporate.secunia.com/about_secunia/64/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/30589/" }, { "trust": 0.1, "url": "http://secunia.com/product/13685/" } ], "sources": [ { "db": "BID", "id": "29624" }, { "db": "JVNDB", "id": "JVNDB-2008-001576" }, { "db": 
"PACKETSTORM", "id": "67148" }, { "db": "CNNVD", "id": "CNNVD-200806-174" }, { "db": "NVD", "id": "CVE-2008-2674" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "29624" }, { "db": "JVNDB", "id": "JVNDB-2008-001576" }, { "db": "PACKETSTORM", "id": "67148" }, { "db": "CNNVD", "id": "CNNVD-200806-174" }, { "db": "NVD", "id": "CVE-2008-2674" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-06-10T00:00:00", "db": "BID", "id": "29624" }, { "date": "2008-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001576" }, { "date": "2008-06-11T00:36:08", "db": "PACKETSTORM", "id": "67148" }, { "date": "2008-06-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200806-174" }, { "date": "2008-06-12T12:21:00", "db": "NVD", "id": "CVE-2008-2674" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-05-07T17:28:00", "db": "BID", "id": "29624" }, { "date": "2012-02-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001576" }, { "date": "2009-04-08T00:00:00", "db": "CNNVD", "id": "CNNVD-200806-174" }, { "date": "2024-11-21T00:47:26.340000", "db": "NVD", "id": "CVE-2008-2674" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200806-174" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete 
Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001576" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200806-174" } ], "trust": 0.6 } }