Vulnerabilites related to ibm - os2
var-199708-0008
Vulnerability from variot
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. McAfee Data Loss Prevention (DLP) is a set of data loss prevention solutions from McAfee. The solution protects intellectual property and ensures compliance by protecting the environment in which sensitive data resides (on-premise, in the cloud, or on the endpoint). Cross-site scripting vulnerabilities and cross-site request forgery vulnerabilities exist in McAfee DLP. When the user browses the affected website, his browser will execute any script code provided by the attacker, which may cause the attacker to steal cookie-based authentication, perform unauthorized operations, leak or modify sensitive information, or other forms may exist. s attack. Other attacks may also be possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-199708-0008", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "windows", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "unix", scope: "eq", trust: 1, vendor: "sco", version: null, }, { model: "solaris", scope: "eq", trust: 1, vendor: "oracle", version: null, }, { model: "kernel", scope: "eq", trust: 1, vendor: "linux", version: null, }, { model: "ios", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "os2", scope: "eq", trust: 1, vendor: "ibm", version: null, }, { model: "tru64", scope: "eq", trust: 1, vendor: "hp", version: null, }, { model: "netware", scope: "eq", trust: 1, vendor: "novell", version: null, }, { model: "irix", scope: "eq", trust: 1, vendor: "sgi", version: null, }, { model: "bsdos", scope: "eq", trust: 1, vendor: "windriver", version: null, }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: null, }, { model: "hp-ux", scope: "eq", trust: 1, vendor: "hp", version: null, }, { model: "macos", scope: "eq", trust: 1, vendor: "apple", version: null, }, { model: "aix", scope: "eq", trust: 1, vendor: "ibm", version: null, }, { model: "kernel", scope: null, trust: 0.6, vendor: "linux", version: null, }, { model: "network data loss prevention", scope: "eq", trust: 0.3, vendor: "mcafee", version: "9.2.2", }, { model: "network data loss prevention", scope: "eq", trust: 0.3, vendor: "mcafee", version: "9.2.1", }, { model: "network data loss prevention", scope: "eq", trust: 0.3, vendor: "mcafee", version: "9.2.0", }, { model: "network data loss prevention", scope: "eq", trust: 0.3, vendor: "mcafee", version: "8.6", }, { model: "network data loss prevention", scope: "ne", trust: 0.3, vendor: "mcafee", version: "9.3", }, ], sources: [ { db: "BID", id: "61811", }, { db: "CNNVD", id: "CNNVD-199708-003", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "ANZ Bank, BAE Systems, Graham Bell of Stratsec.Detica, Jamie Ooi, DirecTV, Xylinx, and Telstra", sources: [ { db: "BID", id: "61811", }, { db: "CNNVD", id: "CNNVD-201308-265", }, ], trust: 0.9, }, cve: "CVE-1999-0524", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-1999-0524", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 0, confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "VHN-522", impactScore: 0, integrityImpact: "NONE", severity: "LOW", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:N/I:N/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-1999-0524", trust: 1, value: "LOW", }, { author: "CNNVD", id: "CNNVD-199708-003", trust: 0.6, value: "LOW", }, { author: "VULHUB", id: "VHN-522", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-522", }, { db: "CNNVD", id: "CNNVD-199708-003", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. McAfee Data Loss Prevention (DLP) is a set of data loss prevention solutions from McAfee. The solution protects intellectual property and ensures compliance by protecting the environment in which sensitive data resides (on-premise, in the cloud, or on the endpoint). \nCross-site scripting vulnerabilities and cross-site request forgery vulnerabilities exist in McAfee DLP. When the user browses the affected website, his browser will execute any script code provided by the attacker, which may cause the attacker to steal cookie-based authentication, perform unauthorized operations, leak or modify sensitive information, or other forms may exist. s attack. Other attacks may also be possible", sources: [ { db: "NVD", id: "CVE-1999-0524", }, { db: "CNNVD", id: "CNNVD-201308-265", }, { db: "BID", id: "61811", }, { db: "VULHUB", id: "VHN-522", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "MCAFEE", id: "SB10053", trust: 2, }, { db: "NVD", id: "CVE-1999-0524", trust: 1.7, }, { db: "JUNIPER", id: "JSA10705", trust: 1.7, }, { db: "OSVDB", id: "95", trust: 1.7, }, { db: "BID", id: "61811", trust: 0.9, }, { db: "CNNVD", id: "CNNVD-199708-003", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-201308-265", trust: 0.6, }, { db: "VULHUB", id: "VHN-522", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-522", }, { db: "BID", id: "61811", }, { db: "CNNVD", id: "CNNVD-199708-003", }, { db: "CNNVD", id: "CNNVD-201308-265", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, id: "VAR-199708-0008", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-522", }, ], trust: 0.01, }, last_update_date: "2024-11-22T20:59:20.509000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.1, }, { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "VULHUB", id: "VHN-522", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.9, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10053", }, { trust: 2.7, url: "http://descriptions.securescout.com/tc/11010", }, { trust: 2.7, url: "http://descriptions.securescout.com/tc/11011", }, { trust: 2.7, url: "http://www.osvdb.org/95", }, { trust: 2.7, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { trust: 2.7, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { trust: 2.6, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10705", }, { trust: 2.6, url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displaykc&externalid=1434", }, { trust: 0.6, url: "http://www.securityfocus.com/bid/61811", }, { trust: 0.3, url: "http://www.mcafee.com/us/products/data-protection/data-loss-prevention.aspx", }, { trust: 0.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10705", }, { trust: 0.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10053", }, { trust: 0.1, url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displaykc&externalid=1434", }, ], sources: [ { db: "VULHUB", id: "VHN-522", }, { db: "BID", id: "61811", }, { db: "CNNVD", id: "CNNVD-199708-003", }, { db: "CNNVD", id: "CNNVD-201308-265", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-522", }, { db: "BID", id: "61811", }, { db: "CNNVD", id: "CNNVD-199708-003", }, { db: "CNNVD", id: "CNNVD-201308-265", }, { db: "NVD", id: "CVE-1999-0524", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "1997-08-01T00:00:00", db: "VULHUB", id: "VHN-522", }, { date: "2013-08-13T00:00:00", db: "BID", id: "61811", }, { date: "1997-08-01T00:00:00", db: "CNNVD", id: "CNNVD-199708-003", }, { date: "2013-08-20T00:00:00", db: "CNNVD", id: "CNNVD-201308-265", }, { date: "1997-08-01T04:00:00", db: "NVD", id: "CVE-1999-0524", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-07-11T00:00:00", db: "VULHUB", id: "VHN-522", }, { date: "2013-08-13T00:00:00", db: "BID", id: "61811", }, { date: "2022-11-17T00:00:00", db: "CNNVD", id: "CNNVD-199708-003", }, { date: "2013-08-20T00:00:00", db: "CNNVD", id: "CNNVD-201308-265", }, { date: "2024-11-20T23:28:56.657000", db: "NVD", id: "CVE-1999-0524", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-199708-003", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Linux kernel Information disclosure vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-199708-003", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-199708-003", }, ], trust: 0.6, }, }
cve-2007-2736
Vulnerability from cvelistv5
Published
2007-05-17 19:00
Modified
2024-08-07 13:49
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/3928 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34305 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/37919 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/23992 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:49:57.405Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "3928", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/3928", }, { name: "achievo-index-file-include(34305)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { name: "37919", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/37919", }, { name: "23992", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/23992", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-05-15T00:00:00", descriptions: [ { lang: "en", value: "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "3928", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/3928", }, { name: "achievo-index-file-include(34305)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { name: "37919", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/37919", }, { name: "23992", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/23992", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-2736", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "3928", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/3928", }, { name: "achievo-index-file-include(34305)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { name: "37919", refsource: "OSVDB", url: "http://osvdb.org/37919", }, { name: "23992", refsource: "BID", url: "http://www.securityfocus.com/bid/23992", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-2736", datePublished: "2007-05-17T19:00:00", dateReserved: "2007-05-17T00:00:00", dateUpdated: "2024-08-07T13:49:57.405Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-7034
Vulnerability from cvelistv5
Published
2007-02-23 01:00
Modified
2024-08-07 20:50
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/435166/30/4680/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/2285 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26720 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T20:50:05.966Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20060525 Super Link Exchange Script v1.0", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { name: "2285", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2285", }, { name: "superlinkexchange-directory-sql-injection(26720)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-05-25T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20060525 Super Link Exchange Script v1.0", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { name: "2285", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2285", }, { name: "superlinkexchange-directory-sql-injection(26720)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-7034", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20060525 Super Link Exchange Script v1.0", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { name: "2285", refsource: "SREASON", url: "http://securityreason.com/securityalert/2285", }, { name: "superlinkexchange-directory-sql-injection(26720)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-7034", datePublished: "2007-02-23T01:00:00", dateReserved: "2007-02-22T00:00:00", dateUpdated: "2024-08-07T20:50:05.966Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-1999-0524
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:41
Severity ?
EPSS score ?
Summary
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/322 | vdb-entry, x_refsource_XF | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10053 | x_refsource_CONFIRM | |
| http://descriptions.securescout.com/tc/11010 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/306 | vdb-entry, x_refsource_XF | |
| http://descriptions.securescout.com/tc/11011 | x_refsource_MISC | |
| http://www.osvdb.org/95 | vdb-entry, x_refsource_OSVDB | |
| http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434 | x_refsource_MISC | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T16:41:45.608Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "icmp-timestamp(322)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://descriptions.securescout.com/tc/11010", }, { name: "icmp-netmask(306)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://descriptions.securescout.com/tc/11011", }, { name: "95", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/95", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "icmp-timestamp(322)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", }, { tags: [ "x_refsource_MISC", ], url: "http://descriptions.securescout.com/tc/11010", }, { name: "icmp-netmask(306)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { tags: [ "x_refsource_MISC", ], url: "http://descriptions.securescout.com/tc/11011", }, { name: "95", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/95", }, { tags: [ "x_refsource_MISC", ], url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-1999-0524", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "icmp-timestamp(322)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", }, { name: "http://descriptions.securescout.com/tc/11010", refsource: "MISC", url: "http://descriptions.securescout.com/tc/11010", }, { name: "icmp-netmask(306)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { name: "http://descriptions.securescout.com/tc/11011", refsource: "MISC", url: "http://descriptions.securescout.com/tc/11011", }, { name: "95", refsource: "OSVDB", url: "http://www.osvdb.org/95", }, { name: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", refsource: "MISC", url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-1999-0524", datePublished: "2000-02-04T05:00:00", dateReserved: "1999-06-07T00:00:00", dateUpdated: "2024-08-01T16:41:45.608Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-4938
Vulnerability from cvelistv5
Published
2007-09-18 19:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/25648 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/3144 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36581 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/479222/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/27016 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/45940 | vdb-entry, x_refsource_OSVDB | |
| http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt | x_refsource_MISC | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:192 | vendor-advisory, x_refsource_MANDRIVA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T15:17:27.081Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "25648", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/25648", }, { name: "3144", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3144", }, { name: "mplayer-avi-file-bo(36581)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { name: "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { name: "27016", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27016", }, { name: "45940", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/45940", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { name: "MDKSA-2007:192", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-09-13T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "25648", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/25648", }, { name: "3144", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3144", }, { name: "mplayer-avi-file-bo(36581)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { name: "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { name: "27016", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27016", }, { name: "45940", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/45940", }, { tags: [ "x_refsource_MISC", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { name: "MDKSA-2007:192", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-4938", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "25648", refsource: "BID", url: "http://www.securityfocus.com/bid/25648", }, { name: "3144", refsource: "SREASON", url: "http://securityreason.com/securityalert/3144", }, { name: "mplayer-avi-file-bo(36581)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { name: "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { name: "27016", refsource: "SECUNIA", url: "http://secunia.com/advisories/27016", }, { name: "45940", refsource: "OSVDB", url: "http://osvdb.org/45940", }, { name: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", refsource: "MISC", url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { name: "MDKSA-2007:192", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-4938", datePublished: "2007-09-18T19:00:00", dateReserved: "2007-09-18T00:00:00", dateUpdated: "2024-08-07T15:17:27.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-1043
Vulnerability from cvelistv5
Published
2007-02-21 17:00
Modified
2024-08-07 12:43
Severity ?
EPSS score ?
Summary
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forums.avenir-geopolitique.net/viewtopic.php?t=2674 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/460325/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32563 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/34181 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/2275 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/22590 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:43:22.287Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { name: "20070215 Ezboo webstats acces to sensitive files", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { name: "ezboo-update-unauthorized-access(32563)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { name: "34181", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/34181", }, { name: "2275", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2275", }, { name: "22590", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22590", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-02-15T00:00:00", descriptions: [ { lang: "en", value: "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { name: "20070215 Ezboo webstats acces to sensitive files", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { name: "ezboo-update-unauthorized-access(32563)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { name: "34181", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/34181", }, { name: "2275", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2275", }, { name: "22590", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22590", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1043", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", refsource: "MISC", url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { name: "20070215 Ezboo webstats acces to sensitive files", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { name: "ezboo-update-unauthorized-access(32563)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { name: "34181", refsource: "OSVDB", url: "http://osvdb.org/34181", }, { name: "2275", refsource: "SREASON", url: "http://securityreason.com/securityalert/2275", }, { name: "22590", refsource: "BID", url: "http://www.securityfocus.com/bid/22590", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-1043", datePublished: "2007-02-21T17:00:00", dateReserved: "2007-02-21T00:00:00", dateUpdated: "2024-08-07T12:43:22.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-2068
Vulnerability from cvelistv5
Published
2010-06-18 16:00
Modified
2024-08-07 02:17
Severity ?
EPSS score ?
Summary
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T02:17:14.551Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2010-1436", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/1436", }, { name: "[httpd-announce] 20100611 [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E", }, { name: "oval:org.mitre.oval:def:6931", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931", }, { name: "40824", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/40824", }, { name: "oval:org.mitre.oval:def:11491", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491", }, { name: "20100611 [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/511809/100/0/threaded", }, { name: "41722", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41722", }, { name: "SI4053", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", }, { name: "APPLE-SA-2011-03-21-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { name: "41490", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41490", }, { name: "[apache-announce] 20100725 [ANNOUNCEMENT] Apache HTTP Server 2.2.16 Released", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://marc.info/?l=apache-announce&m=128009718610929&w=2", }, { name: "HPSBMA02568", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", }, { name: "PM16366", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg1PM16366", }, { name: "1024096", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1024096", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://httpd.apache.org/security/vulnerabilities_22.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch", }, { name: "40206", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/40206", }, { name: "apache-modproxyhttp-timeout-info-disc(59413)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/59413", }, { name: "RHSA-2011:0896", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0896.html", }, { name: "SSRT100219", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", }, { name: "41480", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41480", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch", }, { name: "MDVSA-2013:150", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", }, { name: "40827", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/40827", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT4581", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888222 - in /httpd/site/trunk/content/security/json: CVE-2010-2068.json CVE-2010-2791.json CVE-2011-0419.json CVE-2011-3368.json", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-06-11T00:00:00", descriptions: [ { lang: "en", value: "mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-06T10:07:47", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "ADV-2010-1436", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/1436", }, { name: "[httpd-announce] 20100611 [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E", }, { name: "oval:org.mitre.oval:def:6931", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931", }, { name: "40824", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/40824", }, { name: "oval:org.mitre.oval:def:11491", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491", }, { name: "20100611 [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/511809/100/0/threaded", }, { name: "41722", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41722", }, { name: "SI4053", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", }, { name: "APPLE-SA-2011-03-21-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { name: "41490", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41490", }, { name: "[apache-announce] 20100725 [ANNOUNCEMENT] Apache HTTP Server 2.2.16 Released", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://marc.info/?l=apache-announce&m=128009718610929&w=2", }, { name: "HPSBMA02568", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", }, { name: "PM16366", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www.ibm.com/support/docview.wss?uid=swg1PM16366", }, { name: "1024096", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1024096", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://httpd.apache.org/security/vulnerabilities_22.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch", }, { name: "40206", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/40206", }, { name: "apache-modproxyhttp-timeout-info-disc(59413)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/59413", }, { name: "RHSA-2011:0896", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0896.html", }, { name: "SSRT100219", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", }, { name: "41480", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41480", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch", }, { name: "MDVSA-2013:150", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", }, { name: "40827", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/40827", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT4581", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888222 - in /httpd/site/trunk/content/security/json: CVE-2010-2068.json CVE-2010-2791.json CVE-2011-0419.json CVE-2011-3368.json", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-2068", datePublished: "2010-06-18T16:00:00", dateReserved: "2010-05-25T00:00:00", dateUpdated: "2024-08-07T02:17:14.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2007-02-23 03:28
Modified
2024-11-21 00:24
Severity ?
Summary
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | 10.4.9 | |
| hp | hp-ux | * | |
| hp | tru64 | 5.1b_pk2_bl22 | |
| ibm | aix | * | |
| ibm | os2 | * | |
| linux | linux_kernel | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_95 | * | |
| microsoft | windows_98 | * | |
| microsoft | windows_98se | * | |
| microsoft | windows_me | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| santa_cruz_operation | sco_unix | * | |
| sun | solaris | * | |
| windriver | bsdos | * | |
| super_link_exchange_script | super_link_exchange_script | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", matchCriteriaId: "786BB737-EA99-4EC6-B742-0C35BF2453F9", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", matchCriteriaId: "5F6E90A8-BF8E-46AD-A0E6-4266EE0AE70C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", matchCriteriaId: "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", matchCriteriaId: "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", matchCriteriaId: "377F7D0C-6B44-4B90-BF90-DAF959880C6D", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", matchCriteriaId: "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", matchCriteriaId: "2D3B703C-79B2-4FA2-9E12-713AB977A880", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", matchCriteriaId: "AA733AD2-D948-46A0-A063-D29081A56F1F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", matchCriteriaId: "799DA395-C7F8-477C-8BC7-5B4B88FB7503", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E53CDA8E-50A8-4509-B070-CCA5604FFB21", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", matchCriteriaId: "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", matchCriteriaId: "60ACA374-1434-4C02-8327-17BC9C000B65", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:super_link_exchange_script:super_link_exchange_script:1.0:*:*:*:*:*:*:*", matchCriteriaId: "72865C64-C70A-4CBC-83B7-629DE0DD3532", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en directory.php en Super Link Exchange Script 1.0 podría permitir a atacantes remotos ejecutar consultas SQL de su elección a través del parámetro cat.", }, ], id: "CVE-2006-7034", lastModified: "2024-11-21T00:24:13.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-02-23T03:28:00.000", references: [ { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/2285", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/2285", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-06-18 16:30
Modified
2024-11-21 01:15
Severity ?
Summary
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | 2.2.9 | |
| apache | http_server | 2.2.10 | |
| apache | http_server | 2.2.11 | |
| apache | http_server | 2.2.12 | |
| apache | http_server | 2.2.13 | |
| apache | http_server | 2.2.14 | |
| apache | http_server | 2.2.15 | |
| apache | http_server | 2.3.4 | |
| apache | http_server | 2.3.5 | |
| ibm | os2 | * | |
| microsoft | windows | * | |
| novell | netware | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", matchCriteriaId: "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", matchCriteriaId: "8C2A33DE-F55F-4FD8-BB00-9C1E006CA65C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", matchCriteriaId: "B1CF6394-95D9-42AF-A442-385EFF9CEFE1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", matchCriteriaId: "02B629FB-88C8-4E85-A137-28770F1E524E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", matchCriteriaId: "03550EF0-DF89-42FE-BF0E-994514EBD947", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", matchCriteriaId: "4886CCAB-6D4E-45C7-B177-2E8DBEA15531", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", matchCriteriaId: "C35631AC-7C35-4F6A-A95A-3B080E5210ED", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.3.4:alpha:*:*:*:*:*:*", matchCriteriaId: "0783256B-6C37-4679-AECD-35B125037DE7", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.3.5:alpha:*:*:*:*:*:*", matchCriteriaId: "A1BA6174-944B-4DBD-B5C3-5820A17E334C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", matchCriteriaId: "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", vulnerable: false, }, { criteria: "cpe:2.3:o:novell:netware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF45C68A-5F83-4090-A0C1-A09EC2987706", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.", }, { lang: "es", value: "mod_proxy_http.c en mod_proxy_http en el servidor Apache HTTP v2.2.9 hasta v2.2.15, v2.3.4-alpha, y 2.3.5-alpha en Windows, NetWare, y OS/2, en algunas configuraciones que implique grupos de trabajo proxy, no detecta de forma adecuada los \"timeouts\" lo que permite a atacantes remotos obtener una respuesta potencialmente sensibles, destinada a un cliente diferente en circunstancias oportunistas a través de una petición HTTP normal.", }, ], evaluatorImpact: "Per: http://httpd.apache.org/security/vulnerabilities_22.html\r\n\r\n'Only Windows, Netware and OS2 operating systems are affected.'", id: "CVE-2010-2068", lastModified: "2024-11-21T01:15:50.183", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-06-18T16:30:01.483", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://httpd.apache.org/security/vulnerabilities_22.html", }, { source: "secalert@redhat.com", url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { source: "secalert@redhat.com", url: "http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=apache-announce&m=128009718610929&w=2", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/40206", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/40824", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/41480", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/41490", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/41722", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1024096", }, { source: "secalert@redhat.com", url: "http://support.apple.com/kb/HT4581", }, { source: "secalert@redhat.com", url: "http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch", }, { source: "secalert@redhat.com", url: "http://www.ibm.com/support/docview.wss?uid=swg1PM16366", }, { source: "secalert@redhat.com", url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", }, { source: "secalert@redhat.com", url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0896.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/511809/100/0/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/40827", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/1436", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/59413", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://httpd.apache.org/security/vulnerabilities_22.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=apache-announce&m=128009718610929&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/40206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/40824", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/41480", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/41490", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/41722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1024096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT4581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ibm.com/support/docview.wss?uid=swg1PM16366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0896.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/511809/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/40827", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/1436", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/59413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-02-21 17:28
Modified
2024-11-21 00:27
Severity ?
Summary
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | 10.4.9 | |
| hp | hp-ux | * | |
| hp | tru64 | 5.1b_pk2_bl22 | |
| ibm | aix | * | |
| ibm | os2 | * | |
| linux | linux_kernel | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_95 | * | |
| microsoft | windows_98 | * | |
| microsoft | windows_98se | * | |
| microsoft | windows_me | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| santa_cruz_operation | sco_unix | * | |
| sun | solaris | * | |
| windriver | bsdos | * | |
| ezboo | webstats | 3.0.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", matchCriteriaId: "786BB737-EA99-4EC6-B742-0C35BF2453F9", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", matchCriteriaId: "5F6E90A8-BF8E-46AD-A0E6-4266EE0AE70C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", matchCriteriaId: "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", matchCriteriaId: "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", matchCriteriaId: "377F7D0C-6B44-4B90-BF90-DAF959880C6D", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", matchCriteriaId: "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", matchCriteriaId: "2D3B703C-79B2-4FA2-9E12-713AB977A880", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", matchCriteriaId: "AA733AD2-D948-46A0-A063-D29081A56F1F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", matchCriteriaId: "799DA395-C7F8-477C-8BC7-5B4B88FB7503", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E53CDA8E-50A8-4509-B070-CCA5604FFB21", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", matchCriteriaId: "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", matchCriteriaId: "60ACA374-1434-4C02-8327-17BC9C000B65", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ezboo:webstats:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "E4F3346B-0AB1-4200-BF60-29392FB1EEB7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.", }, { lang: "es", value: "Ezboo webstats, posiblemente la 3.0.3, permite a atacantes remotos evitar la autenticación y obtener una vía de acceso mediante una petición directa al (1) update.php y (2) config.php.", }, ], id: "CVE-2007-1043", lastModified: "2024-11-21T00:27:22.077", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-02-21T17:28:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { source: "cve@mitre.org", url: "http://osvdb.org/34181", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/2275", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/22590", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/34181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/2275", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/22590", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
1997-08-01 04:00
Modified
2024-11-20 23:28
Severity ?
Summary
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", matchCriteriaId: "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*", matchCriteriaId: "B6230A85-30D2-4934-A8A0-11499B7B09F8", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:tru64:-:*:*:*:*:*:*:*", matchCriteriaId: "06E97148-F1B2-40FB-9C98-AB9FBE867DE7", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:os2:-:*:*:*:*:*:*:*", matchCriteriaId: "602ECD33-560E-4CDD-8396-7B6EC002C10A", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:netware:-:*:*:*:*:*:*:*", matchCriteriaId: "61BD8560-99BE-46E5-8366-7CD9CD3427E6", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:sco_unix:-:*:*:*:*:*:*:*", matchCriteriaId: "97A1D7CF-430A-4348-AC21-DB4BA7FD59F1", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:-:*:*:*:*:*:*:*", matchCriteriaId: "1B522A89-5F4E-4BA1-8AAF-2613C3A6CEE9", vulnerable: true, }, { criteria: "cpe:2.3:o:windriver:bsdos:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B43723-26A2-40E5-8B2D-B8747CEEA274", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.", }, { lang: "es", value: "Información ICMP como (1) máscara de red y (2) marca de tiempo está permitida desde hosts arbitrarios.", }, ], id: "CVE-1999-0524", lastModified: "2024-11-20T23:28:56.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "1997-08-01T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://descriptions.securescout.com/tc/11010", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://descriptions.securescout.com/tc/11011", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.osvdb.org/95", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://descriptions.securescout.com/tc/11010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://descriptions.securescout.com/tc/11011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.osvdb.org/95", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/306", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat Enterprise Linux is configured by default to respond to all ICMP requests. Users may configure the firewall to prevent a system from responding to certain ICMP requests.", lastModified: "2010-01-05T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-05-17 19:30
Modified
2024-11-21 00:31
Severity ?
Summary
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | a_ux | * | |
| apple | mac_os_x | * | |
| hp | hp-ux | * | |
| hp | tru64 | * | |
| ibm | os2 | * | |
| linux | linux_kernel | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_95 | * | |
| microsoft | windows_98 | * | |
| microsoft | windows_98se | * | |
| microsoft | windows_me | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| santa_cruz_operation | sco_unix | * | |
| sun | solaris | * | |
| windriver | bsdos | * | |
| achievo | achievo | 1.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:a_ux:*:*:*:*:*:*:*:*", matchCriteriaId: "B9E99BBE-C53B-4C23-95AB-61239020E252", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", matchCriteriaId: "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", matchCriteriaId: "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", matchCriteriaId: "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", matchCriteriaId: "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", matchCriteriaId: "2D3B703C-79B2-4FA2-9E12-713AB977A880", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", matchCriteriaId: "AA733AD2-D948-46A0-A063-D29081A56F1F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", matchCriteriaId: "799DA395-C7F8-477C-8BC7-5B4B88FB7503", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E53CDA8E-50A8-4509-B070-CCA5604FFB21", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", matchCriteriaId: "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", matchCriteriaId: "60ACA374-1434-4C02-8327-17BC9C000B65", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A5D5AEF1-38CE-4B89-A15A-89D9BF3BEA55", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.", }, { lang: "es", value: "Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Achievo 1.1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro config_atkroot.", }, ], id: "CVE-2007-2736", lastModified: "2024-11-21T00:31:31.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-05-17T19:30:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/37919", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/23992", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/3928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/37919", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/23992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/3928", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-09-18 19:17
Modified
2024-11-21 00:36
Severity ?
Summary
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | * | |
| hp | hp-ux | * | |
| hp | tru64 | * | |
| ibm | aix | * | |
| ibm | os2 | * | |
| linux | linux_kernel | * | |
| mandrakesoft | mandrake_linux | 2007 | |
| mandrakesoft | mandrake_linux | 2007 | |
| mandrakesoft | mandrake_linux | 2007.1 | |
| mandrakesoft | mandrake_linux | 2007.1 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_98 | * | |
| microsoft | windows_me | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| santa_cruz_operation | sco_unix | * | |
| sun | solaris | * | |
| windriver | bsdos | * | |
| mplayer | mplayer | 1.0_rc1 | |
| sgi | irix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", matchCriteriaId: "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", matchCriteriaId: "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", matchCriteriaId: "02362C25-B373-4FB1-AF4A-2AFC7F7D4387", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*", matchCriteriaId: "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*", matchCriteriaId: "19D64247-F0A0-4984-84EA-B63FC901F002", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*", matchCriteriaId: "316AA6EB-7191-479E-99D5-40DA79E340E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", matchCriteriaId: "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", matchCriteriaId: "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98:*:*:*:*:*:*:*:*", matchCriteriaId: "AD1B68C0-2676-4F21-8EF0-1749103CB8C2", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", matchCriteriaId: "799DA395-C7F8-477C-8BC7-5B4B88FB7503", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E53CDA8E-50A8-4509-B070-CCA5604FFB21", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", matchCriteriaId: "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", matchCriteriaId: "60ACA374-1434-4C02-8327-17BC9C000B65", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:mplayer:mplayer:1.0_rc1:*:*:*:*:*:*:*", matchCriteriaId: "83E84D8D-93DA-47C1-9282-E127CD1862E5", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*", matchCriteriaId: "056B3397-81A9-4128-9F49-ECEBE1743EE8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.", }, { lang: "es", value: "Desbordamiento de búfer basado en pila en libmpdemux/aviheader.c en MPlayer 1.0rc1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o posiblemente ejecutar código de su elección a través de un archivo .avi con cierto \"tamaño indx tratado\" y valores nEntriesInuse, y un cierto valor wLongsPerEntry.", }, ], id: "CVE-2007-4938", lastModified: "2024-11-21T00:36:46.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.6, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2007-09-18T19:17:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/45940", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27016", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3144", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/25648", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/45940", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3144", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/25648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }