
    30 vulnerabilities by Hewlett-Packard Development Company,L.P

    JVNDB-2023-000103

    Vulnerability from jvndb - Published: 2023-10-23 14:26 - Updated:2023-10-23 14:26
    Severity
    Summary
    HP ThinUpdate vulnerable to improper server certificate verification
    Details
    HP ThinUpdate provided by HP Development Company, L.P. is vulnerable to improper server certificate verification (CWE-295). Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000103.html",
      "dc:date": "2023-10-23T14:26+09:00",
      "dcterms:issued": "2023-10-23T14:26+09:00",
      "dcterms:modified": "2023-10-23T14:26+09:00",
      "description": "HP ThinUpdate provided by HP Development Company, L.P. is vulnerable to improper server certificate verification (CWE-295).\r\n\r\nNarumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000103.html",
      "sec:cpe": {
        "#text": "cpe:/a:hp:thinupdate",
        "@product": "HP ThinUpdate",
        "@vendor": "Hewlett-Packard Development Company,L.P",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000103",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN02058996/index.html",
          "@id": "JVN#02058996",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-4499",
          "@id": "CVE-2023-4499",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-4499",
          "@id": "CVE-2023-4499",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "HP ThinUpdate vulnerable to improper server certificate verification"
    }

    JVNDB-2015-005909

    Vulnerability from jvndb - Published: 2015-11-20 13:31 - Updated:2015-11-20 13:31
    Severity
    N/A (UNKNOWN) - -
    Summary
    ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting
    Details
    ArcSight Management Center and ArcSight Logger from Hewlett-Packard Development Company L.P. contain a stored cross-site scripting vulnerability (CWE-79). Mukai Akihito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-005909.html",
      "dc:date": "2015-11-20T13:31+09:00",
      "dcterms:issued": "2015-11-20T13:31+09:00",
      "dcterms:modified": "2015-11-20T13:31+09:00",
      "description": "ArcSight Management Center and ArcSight Logger from Hewlett-Packard Development Company L.P. contain a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nMukai Akihito reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-005909.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hp:archsight_management_center",
          "@product": "HP ArcSight Management Center",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hp:arcsight_logger",
          "@product": "HP ArcSight Logger",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-005909",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN51046809/index.html",
          "@id": "JVN#51046809",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5441",
          "@id": "CVE-2015-5441",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5441",
          "@id": "CVE-2015-5441",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting"
    }

    JVNDB-2013-000126

    Vulnerability from jvndb - Published: 2013-12-26 12:32 - Updated:2013-12-26 12:32
    Severity
    N/A (UNKNOWN) - -
    Summary
    HP Autonomy Ultraseek vulnerable to cross-site scripting
    Details
    HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000126.html",
      "dc:date": "2013-12-26T12:32+09:00",
      "dcterms:issued": "2013-12-26T12:32+09:00",
      "dcterms:modified": "2013-12-26T12:32+09:00",
      "description": "HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting.\r\n\r\nNetAgent Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000126.html",
      "sec:cpe": {
        "#text": "cpe:/a:hp:autonomy_ultraseek",
        "@product": "HP Autonomy Ultraseek",
        "@vendor": "Hewlett-Packard Development Company,L.P",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000126",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN69700259/index.html",
          "@id": "JVN#69700259",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6196",
          "@id": "CVE-2013-6196",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6196",
          "@id": "CVE-2013-6196",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "HP Autonomy Ultraseek vulnerable to cross-site scripting"
    }

    JVNDB-2013-000052

    Vulnerability from jvndb - Published: 2013-06-03 14:28 - Updated:2013-06-03 14:28
    Severity
    N/A (UNKNOWN) - -
    Summary
    HP ProCurve 1700 series switches vulnerable to cross-site request forgery
    Details
    ProCurve 1700 series switches provided by Hewlett-Packard contain a cross-site request forgery vulnerability. Darren Willis of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000052.html",
      "dc:date": "2013-06-03T14:28+09:00",
      "dcterms:issued": "2013-06-03T14:28+09:00",
      "dcterms:modified": "2013-06-03T14:28+09:00",
      "description": "ProCurve 1700 series switches provided by Hewlett-Packard contain a cross-site request forgery vulnerability.\r\n\r\nDarren Willis of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000052.html",
      "sec:cpe": [
        {
          "#text": "cpe:/h:hp:procurve_switch_1700-24",
          "@product": "ProCurve Switch 1700-24",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:hp:procurve_switch_1700-8",
          "@product": "ProCurve Switch 1700-8",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000052",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN48108258/index.html",
          "@id": "JVN#48108258",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5216",
          "@id": "CVE-2012-5216",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5216",
          "@id": "CVE-2012-5216",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "HP ProCurve 1700 series switches vulnerable to cross-site request forgery"
    }

    JVNDB-2011-001632

    Vulnerability from jvndb - Published: 2011-06-29 17:55 - Updated:2016-09-08 17:05
    Severity
    N/A (UNKNOWN) - -
    Summary
    Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol
    Details
    When SSL is used on the Hitachi Web Server, an attacker could insert arbitrary data at the beginning of the communication data.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001632.html",
      "dc:date": "2016-09-08T17:05+09:00",
      "dcterms:issued": "2011-06-29T17:55+09:00",
      "dcterms:modified": "2016-09-08T17:05+09:00",
      "description": "When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data.",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001632.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hitachi:hitachi_web_server",
          "@product": "Hitachi Web Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hp:matrix_operating_environment",
          "@product": "HPE Matrix Operating Environment",
          "@vendor": "Hewlett Packard Enterprise Co.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hp:systems_insight_manager",
          "@product": "HPE Systems Insight Manager",
          "@vendor": "Hewlett Packard Enterprise Co.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hp:virtual_connect",
          "@product": "HP Virtual Connect",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-001632",
      "sec:references": [
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html",
          "@id": "JVNDB-2009-002319",
          "@source": "JVN iPedia"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555",
          "@id": "CVE-2009-3555",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555",
          "@id": "CVE-2009-3555",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-noinfo",
          "@title": "No Mapping(CWE-noinfo)"
        }
      ],
      "title": "Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol"
    }

    JVNDB-2011-000034

    Vulnerability from jvndb - Published: 2011-06-10 16:23 - Updated:2013-03-26 14:46
    Severity
    N/A (UNKNOWN) - -
    Summary
    Java Web Start may insecurely load settings files
    Details
    Java Web Start provided by Oracle may use unsafe methods for determining how to load settings files. Java Web Start is a tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment). Java Web Start contains an issue with the file search path, which may cause settings files to be loaded insecurely. Hisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000034.html",
      "dc:date": "2013-03-26T14:46+09:00",
      "dcterms:issued": "2011-06-10T16:23+09:00",
      "dcterms:modified": "2013-03-26T14:46+09:00",
      "description": "Java Web Start provided Oracle may use unsafe methods for determining how to load settings files.\r\n\r\nJava Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment) Java Web Start contains an issue with the file search path, which may insecurely load settings files.\r\n\r\nHisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000034.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hp:systems_insight_manager",
          "@product": "HP Systems Insight Manager",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:jdk",
          "@product": "JDK",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:jre",
          "@product": "JRE",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000034",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN09206238/index.html",
          "@id": "JVN#09206238",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0786",
          "@id": "CVE-2011-0786",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0786",
          "@id": "CVE-2011-0786",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/english/vuln/201106_javaweb_en.html",
          "@id": "Security Alert for Multiple Vulnerabilities in Java Web Start",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Java Web Start may insecurely load settings files"
    }

    JVNDB-2011-000035

    Vulnerability from jvndb - Published: 2011-06-10 16:23 - Updated:2013-03-26 15:14
    Severity
    N/A (UNKNOWN) - -
    Summary
    Java Web Start may insecurely load dynamic libraries
    Details
    Java Web Start provided by Oracle may use unsafe methods for determining how to load DLLs. Java Web Start is a tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment). Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Hisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000035.html",
      "dc:date": "2013-03-26T15:14+09:00",
      "dcterms:issued": "2011-06-10T16:23+09:00",
      "dcterms:modified": "2013-03-26T15:14+09:00",
      "description": "Java Web Start provided Oracle may use unsafe methods for determining how to load DLLs.\r\n\r\nJava Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment) Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.\r\n\r\nHisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000035.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hp:systems_insight_manager",
          "@product": "HP Systems Insight Manager",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:jdk",
          "@product": "JDK",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:jre",
          "@product": "JRE",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:sdk",
          "@product": "SDK",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000035",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN18680611/index.html",
          "@id": "JVN#18680611",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866",
          "@id": "CVE-2011-0866",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0866",
          "@id": "CVE-2011-0866",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/english/vuln/201106_javaweb_en.html",
          "@id": "Security Alert for Multiple Vulnerabilities in Java Web Start",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Java Web Start may insecurely load dynamic libraries"
    }

    JVNDB-2011-000033

    Vulnerability from jvndb - Published: 2011-06-10 16:22 - Updated:2013-03-29 14:50
    Severity
    N/A (UNKNOWN) - -
    Summary
    Java Web Start may insecurely load policy files
    Details
    Java Web Start provided by Oracle may use unsafe methods for determining how to load policy files. Java Web Start is a tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment). Java Web Start contains an issue with the file search path, which may cause policy files to be loaded insecurely. Hisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000033.html",
      "dc:date": "2013-03-29T14:50+09:00",
      "dcterms:issued": "2011-06-10T16:22+09:00",
      "dcterms:modified": "2013-03-29T14:50+09:00",
      "description": "Java Web Start provided Oracle may use unsafe methods for determining how to load policy files.\r\n\r\nJava Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment) Java Web Start contains an issue with the file search path, which may insecurely load policy files.\r\n\r\nHisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000033.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hp:systems_insight_manager",
          "@product": "HP Systems Insight Manager",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:jdk",
          "@product": "JDK",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:jre",
          "@product": "JRE",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000033",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN29212182/index.html",
          "@id": "JVN#29212182",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0788",
          "@id": "CVE-2011-0788",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0788",
          "@id": "CVE-2011-0788",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/english/vuln/201106_javaweb_en.html",
          "@id": "Security Alert for Multiple Vulnerabilities in Java Web Start",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Java Web Start may insecurely load policy files"
    }

    JVNDB-2011-000020

    Vulnerability from jvndb - Published: 2011-03-10 16:38 - Updated:2018-02-07 17:10
    Severity
    N/A (UNKNOWN) - -
    Summary
    IBM Tivoli vulnerable to denial-of-service (DoS)
    Details
    IBM Tivoli contains a denial-of-service (DoS) vulnerability. IBM Tivoli contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). A wide range of products are affected. For more information, refer to the vendor's website.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000020.html",
      "dc:date": "2018-02-07T17:10+09:00",
      "dcterms:issued": "2011-03-10T16:38+09:00",
      "dcterms:modified": "2018-02-07T17:10+09:00",
      "description": "IBM Tivoli contains a denial-of-service (DoS) vulnerability.\r\n\r\nIBM Tivoli contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).\r\n\r\nA wide range of products are affected. For more information, refer to the vendor\u0027s website.",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000020.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hp:systems_insight_manager",
          "@product": "HP Systems Insight Manager",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:jdk",
          "@product": "JDK",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:jre",
          "@product": "JRE",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:sdk",
          "@product": "SDK",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000020",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN81294135/index.html",
          "@id": "JVN#81294135",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/tr/JVNTR-2011-02/index.html",
          "@id": "JVNTR-2011-02",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476",
          "@id": "CVE-2010-4476",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476",
          "@id": "CVE-2010-4476",
          "@source": "NVD"
        },
        {
          "#text": "http://www.securitytracker.com/id?1025062",
          "@id": "1025062",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://secunia.com/advisories/43295",
          "@id": "SA43295",
          "@source": "SECUNIA-R"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-189",
          "@title": "Numeric Errors(CWE-189)"
        }
      ],
      "title": "IBM Tivoli vulnerable to denial-of-service (DoS)"
    }

    JVNDB-2011-000017

    Vulnerability from jvndb - Published: 2011-03-04 19:29 - Updated:2018-02-07 17:10
    Severity
    N/A (UNKNOWN) - -
    Summary
    IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
    Details
    IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: " For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000017.html",
      "dc:date": "2018-02-07T17:10+09:00",
      "dcterms:issued": "2011-03-04T19:29+09:00",
      "dcterms:modified": "2018-02-07T17:10+09:00",
      "description": "IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability.\r\n\r\nIBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).\r\n\r\nAccording to the developer:\r\n\r\n\" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability.\"",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000017.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hp:systems_insight_manager",
          "@product": "HP Systems Insight Manager",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:websphere_application_server",
          "@product": "IBM WebSphere Application Server",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000017",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN26301278/index.html",
          "@id": "JVN#26301278",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/tr/JVNTR-2011-02/index.html",
          "@id": "JVNTR-2011-02",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476",
          "@id": "CVE-2010-4476",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476",
          "@id": "CVE-2010-4476",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/43295",
          "@id": "SA43295",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securitytracker.com/id?1025062",
          "@id": "1025062",
          "@source": "SECTRACK"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-189",
          "@title": "Numeric Errors(CWE-189)"
        }
      ],
      "title": "IBM WebSphere Application Server vulnerable to denial-of-service (DoS)"
    }

    JVNDB-2011-000016

    Vulnerability from jvndb - Published: 2011-03-04 19:29 - Updated:2018-02-07 17:10
    Severity
    N/A (UNKNOWN) - -
    Summary
    IBM DB2 vulnerable to denial-of-service (DoS)
    Details
    IBM DB2 contains a denial-of-service (DoS) vulnerability. IBM DB2 contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000016.html",
      "dc:date": "2018-02-07T17:10+09:00",
      "dcterms:issued": "2011-03-04T19:29+09:00",
      "dcterms:modified": "2018-02-07T17:10+09:00",
      "description": "IBM DB2 contains a denial-of-service (DoS) vulnerability.\r\n\r\nIBM DB2 contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000016.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hp:systems_insight_manager",
          "@product": "HP Systems Insight Manager",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:db2",
          "@product": "IBM DB2",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000016",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN16308183/index.html",
          "@id": "JVN#16308183",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/tr/JVNTR-2011-02/index.html",
          "@id": "JVNTR-2011-02",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476",
          "@id": "CVE-2010-4476",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476",
          "@id": "CVE-2010-4476",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/43295",
          "@id": "SA43295",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securitytracker.com/id?1025062",
          "@id": "1025062",
          "@source": "SECTRACK"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-189",
          "@title": "Numeric Errors(CWE-189)"
        }
      ],
      "title": "IBM DB2 vulnerable to denial-of-service (DoS)"
    }

    JVNDB-2011-000018

    Vulnerability from jvndb - Published: 2011-03-04 19:28 - Updated:2018-02-07 17:10

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000018.html",
      "dc:date": "2018-02-07T17:10+09:00",
      "dcterms:issued": "2011-03-04T19:28+09:00",
      "dcterms:modified": "2018-02-07T17:10+09:00",
      "description": "IBM Lotus product line contains a denial-of-service (DoS) vulnerability.\r\n\r\nIBM Lotus product line contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000018.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hp:systems_insight_manager",
          "@product": "HP Systems Insight Manager",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:ibm_forms",
          "@product": "IBM Forms",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:ibm_mashup_center",
          "@product": "IBM Mashup Center",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:lotus_activeinsight",
          "@product": "Lotus ActiveInsight",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:lotus_connections",
          "@product": "Lotus Connections",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:lotus_expeditor",
          "@product": "IBM Lotus Expeditor",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:lotus_mashups",
          "@product": "Lotus Mashups",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:lotus_quickr",
          "@product": "IBM Lotus Quickr",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:lotus_sametime_advanced",
          "@product": "Lotus Sametime Advanced",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:lotus_sametime_standard",
          "@product": "Lotus Sametime Standard",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:lotus_sametime_unified_telephony",
          "@product": "Lotus Sametime Unified Telephony",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:lotus_web_content_management",
          "@product": "Lotus Web Content Management",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:lotus_workforce_management",
          "@product": "Lotus Workforce Management",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:websphere_dashboard_framework",
          "@product": "IBM WebSphere Dashboard Framework",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:websphere_portlet_factory",
          "@product": "WebSphere Portlet Factory",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:workplace_web_content_management",
          "@product": "Workplace Web Content Management",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000018",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN97334690/index.html",
          "@id": "JVN#97334690",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/tr/JVNTR-2011-02/index.html",
          "@id": "JVNTR-2011-02",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476",
          "@id": "CVE-2010-4476",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476",
          "@id": "CVE-2010-4476",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/43295",
          "@id": "SA43295",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securitytracker.com/id?1025062",
          "@id": "1025062",
          "@source": "SECTRACK"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-189",
          "@title": "Numeric Errors(CWE-189)"
        }
      ],
      "title": "IBM Lotus vulnerable to denial-of-service (DoS)"
    }

    JVNDB-2009-000037

    Vulnerability from jvndb - Published: 2009-06-18 17:54 - Updated:2012-09-28 13:40
    Severity
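    N/A (UNKNOWN) - - (not populated in this listing; the JVN DB record below gives a CVSS v2.0 base score of 4.3, Medium, vector AV:N/AC:M/Au:N/C:N/I:N/A:P)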
    Summary
    Apache Tomcat denial of service (DoS) vulnerability
    Details
    Apache Tomcat from The Apache Software Foundation contains a denial of service (DoS) vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. If Tomcat receives a request with an invalid header via the Java AJP connector, it does not return an error and instead closes the AJP connection. If this connector is a member of a mod_jk load-balancing worker, that member is put into an error state and blocked from use for approximately one minute. A carefully crafted request can therefore be used for a denial of service attack. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. For more information, refer to the developer's website. Yoshihito Fukuyama of NTT OSS Center reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000037.html",
      "dc:date": "2012-09-28T13:40+09:00",
      "dcterms:issued": "2009-06-18T17:54+09:00",
      "dcterms:modified": "2012-09-28T13:40+09:00",
      "description": "Apache Tomcat from The Apache Software Foundation contains a denial of service (DoS) vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nIf Tomcat receives a request with an invalid header via the Java AJP connector, it will not return an error and instead closes the AJP connection. In case this connector is member of a mod_jk load balancing worker, this member will be put into an error state and will be blocked from use for approximately one minute. Thus the behavior can be used for a denial of service attack using a carefully crafted request.\r\n\r\nAccording to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\r\nFor more information, refer to the developer\u0027s website.\r\n\r\nYoshihito Fukuyama of NTT OSS Center reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000037.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:apache:tomcat",
          "@product": "Apache Tomcat",
          "@vendor": "Apache Software Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hp:tomcat-based_servlet_engine",
          "@product": "HP-UX Tomcat-based Servlet Engine",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:nec:infoframe_documentskipper",
          "@product": "InfoFrame DocumentSkipper",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:vmware:esx",
          "@product": "VMware ESX",
          "@vendor": "VMware",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:vmware:server",
          "@product": "VMware Server",
          "@vendor": "VMware",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:vmware:vcenter",
          "@product": "VMware vCenter",
          "@vendor": "VMware",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:vmware:virtualcenter",
          "@product": "VMware VirtualCenter",
          "@vendor": "VMware",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x_server",
          "@product": "Apple Mac OS X Server",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_eus",
          "@product": "Red Hat Enterprise Linux EUS",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:opensolaris",
          "@product": "OpenSolaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:solaris",
          "@product": "Sun Solaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000037",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN87272440/index.html",
          "@id": "JVN#87272440",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033",
          "@id": "CVE-2009-0033",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0033",
          "@id": "CVE-2009-0033",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/35326",
          "@id": "SA35326",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://secunia.com/advisories/35344",
          "@id": "SA35344",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/35193",
          "@id": "35193",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/50928",
          "@id": "50928",
          "@source": "XF"
        },
        {
          "#text": "http://securitytracker.com/alerts/2009/Jun/1022331.html",
          "@id": "1022331",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.vupen.com/english/advisories/2009/1496",
          "@id": "VUPEN/ADV-2009-1496",
          "@source": "VUPEN"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "Apache Tomcat denial of service (DoS) vulnerability"
    }

    JVNDB-2009-000036

    Vulnerability from jvndb - Published: 2009-06-18 17:53 - Updated:2012-09-28 13:35
    Severity
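    N/A (UNKNOWN) - - (not populated in this listing; the JVN DB record below gives a CVSS v2.0 base score of 4.3, Medium, vector AV:N/AC:M/Au:N/C:P/I:N/A:N)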
    Summary
    Apache Tomcat information disclosure vulnerability
    Details
    Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. For more information, refer to the developer's website. Minehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html",
      "dc:date": "2012-09-28T13:35+09:00",
      "dcterms:issued": "2009-06-18T17:53+09:00",
      "dcterms:modified": "2012-09-28T13:35+09:00",
      "description": "Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory.\r\n\r\nAccording to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\r\nFor more information, refer to the developer\u0027s website.\r\n\r\nMinehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:apache:tomcat",
          "@product": "Apache Tomcat",
          "@vendor": "Apache Software Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
          "@product": "Interstage Application Framework Suite",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_application_server",
          "@product": "Interstage Application Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_apworks",
          "@product": "Interstage Apworks",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_business_application_server",
          "@product": "Interstage Business Application Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
          "@product": "Interstage Job Workload Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_studio",
          "@product": "Interstage Studio",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_web_server",
          "@product": "Interstage Web Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hp:tomcat-based_servlet_engine",
          "@product": "HP-UX Tomcat-based Servlet Engine",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:nec:infoframe_documentskipper",
          "@product": "InfoFrame DocumentSkipper",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:nec:mcone",
          "@product": "MCOne",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:nec:websam_securemaster",
          "@product": "WebSAM SECUREMASTER",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:vmware:esx",
          "@product": "VMware ESX",
          "@vendor": "VMware",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:vmware:server",
          "@product": "VMware Server",
          "@vendor": "VMware",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:vmware:vcenter",
          "@product": "VMware vCenter",
          "@vendor": "VMware",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:vmware:virtualcenter",
          "@product": "VMware VirtualCenter",
          "@vendor": "VMware",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x_server",
          "@product": "Apple Mac OS X Server",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_eus",
          "@product": "Red Hat Enterprise Linux EUS",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:opensolaris",
          "@product": "OpenSolaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:solaris",
          "@product": "Sun Solaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000036",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN63832775/index.html",
          "@id": "JVN#63832775",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515",
          "@id": "CVE-2008-5515",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5515",
          "@id": "CVE-2008-5515",
          "@source": "NVD"
        },
        {
          "#text": "http://www.securityfocus.com/bid/35263",
          "@id": "35263",
          "@source": "BID"
        },
        {
          "#text": "http://www.vupen.com/english/advisories/2009/1520",
          "@id": "VUPEN/ADV-2009-1520",
          "@source": "VUPEN"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        }
      ],
      "title": "Apache Tomcat information disclosure vulnerability"
    }

    JVNDB-2009-000029

    Vulnerability from jvndb - Published: 2009-05-20 16:01 - Updated:2009-05-20 16:01
    Severity
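    N/A (UNKNOWN) - - (not populated in this listing; the JVN DB record below gives a CVSS v2.0 base score of 4.3, Medium, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)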
    Summary
    HP System Management Homepage vulnerable to cross-site scripting
    Details
    HP System Management Homepage (SMH) from Hewlett-Packard contains a cross-site scripting vulnerability. HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. SMH contains a cross-site scripting vulnerability. This vulnerability is different from JVN#19240523. Masashi Shiraishi reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000029.html",
      "dc:date": "2009-05-20T16:01+09:00",
      "dcterms:issued": "2009-05-20T16:01+09:00",
      "dcterms:modified": "2009-05-20T16:01+09:00",
      "description": "HP System Management Homepage (SMH) from Hewlett-Packard contains a cross-site scripting vulnerability.\r\n\r\nHP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers.\r\nSMH contains a cross-site scripting vulnerability.\r\n\r\nThis vulnerability is different from JVN#19240523.\r\n\r\nMasashi Shiraishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000029.html",
      "sec:cpe": {
        "#text": "cpe:/a:hp:system_management_homepage",
        "@product": "HP System Management Homepage",
        "@vendor": "Hewlett-Packard Development Company,L.P",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000029",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN02331156/index.html",
          "@id": "JVN#02331156",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1418",
          "@id": "CVE-2009-1418",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1418",
          "@id": "CVE-2009-1418",
          "@source": "NVD"
        },
        {
          "#text": "http://securitytracker.com/id?1022242",
          "@id": "1022242",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000029.html",
          "@id": "JVNDB-2009-000029",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "HP System Management Homepage vulnerable to cross-site scripting"
    }

    JVNDB-2008-001043

    Vulnerability from jvndb - Published: 2008-06-13 17:11 - Updated:2008-11-21 12:19
    Severity
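    N/A (UNKNOWN) - - (not populated in this listing; the JVN DB record below gives a CVSS v2.0 base score of 7.4, High, vector AV:N/AC:M/Au:S/C:C/I:C/A:C)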
    Summary
    X.Org Foundation X server buffer overflow vulnerability
    Details
    X server provided by the X.Org Foundation contains a buffer overflow vulnerability. The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow. X.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue. Takuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001043.html",
      "dc:date": "2008-11-21T12:19+09:00",
      "dcterms:issued": "2008-06-13T17:11+09:00",
      "dcterms:modified": "2008-11-21T12:19+09:00",
      "description": "X server provided by the X.Org Foundation contains a buffer overflow vulnerability. \r\n\r\nThe X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow. \r\n\r\nX.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue. \r\n\r\nTakuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA. \r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001043.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:fujitsu:pc-x",
          "@product": "FUJITSU PC-X",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:suse:suse_open_enterprise_server",
          "@product": "Open Enterprise Server",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:suse:suse_sles",
          "@product": "SUSE SLES",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:x.org:x.org_x11",
          "@product": "X.Org X11",
          "@vendor": "X.Org Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:xfree86_project:xfree86",
          "@product": "XFree86",
          "@vendor": "XFree86 Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x",
          "@product": "Apple Mac OS X",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x_server",
          "@product": "Apple Mac OS X Server",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:canonical:ubuntu_linux",
          "@product": "Ubuntu",
          "@vendor": "Canonical",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:fedoraproject:fedora",
          "@product": "Fedora",
          "@vendor": "Fedora Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:gentoo:linux_x11",
          "@product": "Gentoo Linux x11-base/xorg-server",
          "@vendor": "Gentoo Foundation, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:gentoo:linux_x11-libs",
          "@product": "Gentoo Linux x11-libs/libXfont",
          "@vendor": "Gentoo Foundation, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:ibm:aix",
          "@product": "IBM AIX",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mandriva:linux-xfree86",
          "@product": "Mandriva Linux XFree86",
          "@vendor": "Mandriva, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mandriva:linux-xorg",
          "@product": "Mandriva Linux xorg-x11",
          "@vendor": "Mandriva, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:openbsd:openbsd",
          "@product": "OpenBSD",
          "@vendor": "OpenBSD",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:opensuse_project:opensuse",
          "@product": "openSUSE",
          "@vendor": "openSUSE project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:solaris",
          "@product": "Sun Solaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:linux_desktop",
          "@product": "Novell Linux Desktop",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:linux_enterprise_desktop",
          "@product": "SUSE Linux Enterprise Desktop",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:linux_enterprise_server",
          "@product": "SUSE Linux Enterprise Server",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:linux_pos",
          "@product": "Novell Linux POS",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:suse_linux",
          "@product": "SUSE LINUX",
          "@vendor": "SUSE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:suse:suse_sle_sdk",
          "@product": "SLE SDK",
          "@vendor": "SUSE",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.4",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2008-001043",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN88935101/index.html",
          "@id": "JVN#88935101",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
          "@id": "TRTA08-079A",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006",
          "@id": "CVE-2008-0006",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0006",
          "@id": "CVE-2008-0006",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/english/vuln/200806_XOrg_press_en.html",
          "@id": "Security Alert for X.Org Foundation X Server Vulnerability",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "http://www.us-cert.gov/cas/alerts/SA08-079A.html",
          "@id": "SA08-079A",
          "@source": "CERT-SA"
        },
        {
          "#text": "http://www.kb.cert.org/vuls/id/203220",
          "@id": "VU#203220",
          "@source": "CERT-VN"
        },
        {
          "#text": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html",
          "@id": "TA08-079A",
          "@source": "CERT-TA"
        },
        {
          "#text": "http://secunia.com/advisories/28532/",
          "@id": "SA28532",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/27352",
          "@id": "27352",
          "@source": "BID"
        },
        {
          "#text": "http://securitytracker.com/id?1019232",
          "@id": "1019232",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2008/0179",
          "@id": "FrSIRT/ADV-2008-0179",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html",
          "@id": "JVNDB-2008-001043",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-119",
          "@title": "Buffer Errors(CWE-119)"
        }
      ],
      "title": "X.Org Foundation X server buffer overflow vulnerability"
    }

    JVNDB-2005-000601

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2014-05-22 18:04
    Severity
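    N/A (UNKNOWN) - - (no severity is shown in this listing; the record below carries a CVSS v2.0 base score of 2.6, Low, vector AV:N/AC:H/Au:N/C:N/I:P/A:N)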
    Summary
    OpenSSL version rollback vulnerability
    Details
    OpenSSL from the OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker on the communication path can force the client and the server to negotiate the SSL 2.0 protocol even if both parties request the TLS 1.0 protocol. RFC 2246, which defines the TLS protocol, specifies that SSL 2.0 should not be used when TLS 1.0 is available, in order to avoid version rollback attacks.
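    Impacted products (vendor and product names only; the "@version": "2.2" field in the record below is the CPE naming-format version, not an affected product version)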
    Hitachi, Ltd Cosminexus Application Server Enterprise
    Hitachi, Ltd Cosminexus Application Server Standard
    Hitachi, Ltd Cosminexus Application Server Version 5
    Hitachi, Ltd Cosminexus Developer Light Version 6
    Hitachi, Ltd Cosminexus Developer Professional Version 6
    Hitachi, Ltd Cosminexus Developer Standard Version 6
    Hitachi, Ltd Cosminexus Developer Version 5
    Hitachi, Ltd Cosminexus Server - Enterprise Edition
    Hitachi, Ltd Cosminexus Server - Standard Edition
    Hitachi, Ltd Cosminexus Server - Standard Edition Version 4
    Hitachi, Ltd Cosminexus Server - Web Edition
    Hitachi, Ltd Cosminexus Server - Web Edition Version 4
    Hitachi, Ltd Hitachi Web Server
    Hitachi, Ltd uCosminexus Application Server Enterprise
    Hitachi, Ltd uCosminexus Application Server Smart Edition
    Hitachi, Ltd uCosminexus Application Server Standard
    Hitachi, Ltd uCosminexus Developer
    Hitachi, Ltd uCosminexus Developer Light
    Hitachi, Ltd uCosminexus Developer Standard
    Hitachi, Ltd uCosminexus Service Architect
    Hitachi, Ltd uCosminexus Service Platform
    OpenSSL Project OpenSSL
    Trend Micro, Inc. InterScan Messaging Security Suite
    Trend Micro, Inc. TrendMicro InterScan VirusWall
    Trend Micro, Inc. TrendMicro InterScan Web Security Suite
    FUJITSU FMSE-C301
    FUJITSU IPCOM Series
    Hewlett-Packard Development Company,L.P HP-UX
    Cybertrust Japan Co., Ltd. Asianux Server
    Red Hat, Inc. Red Hat Enterprise Linux
    Red Hat, Inc. Red Hat Linux Advanced Workstation
    Sun Microsystems, Inc. Sun Solaris
    Turbolinux, Inc. Turbolinux Appliance Server
    Turbolinux, Inc. Turbolinux FUJI
    Turbolinux, Inc. Turbolinux Multimedia
    Turbolinux, Inc. Turbolinux Personal
    Turbolinux, Inc. Turbolinux Server
    Turbolinux, Inc. wizpy

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html",
      "dc:date": "2014-05-22T18:04+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2014-05-22T18:04+09:00",
      "description": "OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on the communication path.\r\n\r\nRFC 2246, defining the TLS protocol, defines that when TLS 1.0 is available, SSL 2.0 should not be used in order to avoid version rollback attacks.",
      "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
          "@product": "Cosminexus Application Server Enterprise",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
          "@product": "Cosminexus Application Server Standard",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
          "@product": "Cosminexus Application Server Version 5",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
          "@product": "Cosminexus Developer Light Version 6",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
          "@product": "Cosminexus Developer Professional Version 6",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
          "@product": "Cosminexus Developer Standard Version 6",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
          "@product": "Cosminexus Developer Version 5",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
          "@product": "Cosminexus Server - Enterprise Edition",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
          "@product": "Cosminexus Server - Standard Edition",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
          "@product": "Cosminexus Server - Standard Edition Version 4",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
          "@product": "Cosminexus Server - Web Edition",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
          "@product": "Cosminexus Server - Web Edition Version 4",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:hitachi_web_server",
          "@product": "Hitachi Web Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
          "@product": "uCosminexus Application Server Enterprise",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
          "@product": "uCosminexus Application Server Smart Edition",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
          "@product": "uCosminexus Application Server Standard",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_developer",
          "@product": "uCosminexus Developer",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
          "@product": "uCosminexus Developer Light",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
          "@product": "uCosminexus Developer Standard",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
          "@product": "uCosminexus Service Architect",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
          "@product": "uCosminexus Service Platform",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:openssl:openssl",
          "@product": "OpenSSL",
          "@vendor": "OpenSSL Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:interscan_messaging_security_suite",
          "@product": "InterScan Messaging Security Suite",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:interscan_viruswall",
          "@product": "TrendMicro InterScan VirusWall",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:interscan_web_security_suite",
          "@product": "TrendMicro InterScan Web Security Suite",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:fujitsu:fmse-c301",
          "@product": "FMSE-C301",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:fujitsu:ipcom",
          "@product": "IPCOM Series",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:solaris",
          "@product": "Sun Solaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
          "@product": "Turbolinux Appliance Server",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_fuji",
          "@product": "Turbolinux FUJI",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
          "@product": "Turbolinux Multimedia",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_personal",
          "@product": "Turbolinux Personal",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_server",
          "@product": "Turbolinux Server",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
          "@product": "wizpy",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2005-000601",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN23632449/index.html",
          "@id": "JVN#23632449",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969",
          "@id": "CVE-2005-2969",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2969",
          "@id": "CVE-2005-2969",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/17151/",
          "@id": "SA17151",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/15071",
          "@id": "15071",
          "@source": "BID"
        },
        {
          "#text": "http://www.securiteam.com/securitynews/6Y00D0AEBW.html",
          "@id": "6Y00D0AEBW",
          "@source": "SECTEAM"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2005/2036",
          "@id": "FrSIRT/ADV-2005-2036",
          "@source": "FRSIRT"
        }
      ],
      "title": "OpenSSL version rollback vulnerability"
    }

    JVNDB-2007-000819

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2013-07-18 18:58
    Severity
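    N/A (UNKNOWN) - - (no severity is shown in this listing; the record below carries a CVSS v2.0 base score of 4.3, Medium, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)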
    Summary
    Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
    Details
    The mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting. The Apache HTTP Server is open-source web server software, and its mod_imap and mod_imagemap modules provide server-side imagemap processing capability. Both modules are vulnerable to cross-site scripting.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html",
      "dc:date": "2013-07-18T18:58+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2013-07-18T18:58+09:00",
      "description": "mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.\r\n\r\nThe Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.\r\nThe Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:apache:http_server",
          "@product": "Apache HTTP Server",
          "@vendor": "Apache Software Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
          "@product": "Interstage Application Framework Suite",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_application_server",
          "@product": "Interstage Application Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_apworks",
          "@product": "Interstage Apworks",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_business_application_server",
          "@product": "Interstage Business Application Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
          "@product": "Interstage Job Workload Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_studio",
          "@product": "Interstage Studio",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_web_server",
          "@product": "Interstage Web Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
          "@product": "Systemwalker Resource Coordinator",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_application_server",
          "@product": "Cosminexus Application Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_developer",
          "@product": "Cosminexus Developer",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server",
          "@product": "Cosminexus Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:hitachi_web_server",
          "@product": "Hitachi Web Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_application_server",
          "@product": "uCosminexus Application Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_developer",
          "@product": "uCosminexus Developer",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_service",
          "@product": "uCosminexus Service",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:http_server",
          "@product": "IBM HTTP Server",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:oracle:http_server",
          "@product": "Oracle HTTP Server",
          "@vendor": "Oracle Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:redhat:rhel_application_stack",
          "@product": "Red Hat Application Stack",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:nec:wanbooster",
          "@product": "WanBooster",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x",
          "@product": "Apple Mac OS X",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x_server",
          "@product": "Apple Mac OS X Server",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:solaris",
          "@product": "Sun Solaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
          "@product": "Turbolinux Appliance Server",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_fuji",
          "@product": "Turbolinux FUJI",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
          "@product": "Turbolinux Multimedia",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_personal",
          "@product": "Turbolinux Personal",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_server",
          "@product": "Turbolinux Server",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000819",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN80057925/index.html",
          "@id": "JVN#80057925",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
          "@id": "TRTA08-079A",
          "@source": "JVNTR"
        },
        {
          "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
          "@id": "TRTA08-150A",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000",
          "@id": "CVE-2007-5000",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5000",
          "@id": "CVE-2007-5000",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/28046",
          "@id": "SA28046",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://secunia.com/advisories/28073",
          "@id": "SA28073",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/4201",
          "@id": "FrSIRT/ADV-2007-4201",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/4202",
          "@id": "FrSIRT/ADV-2007-4202",
          "@source": "FRSIRT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Cross-site scripting vulnerability in Apache HTTP Server \"mod_imap\" and \"mod_imagemap\""
    }

    JVNDB-2007-000297

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-07-11 13:47
    Severity
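    N/A (UNKNOWN) - - (no severity is shown in this listing; the record below carries a CVSS v2.0 base score of 4.3, Medium, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)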
    Summary
    Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
    Details
    Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in its handling of the Accept-Language header. Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. The vulnerability occurs when the value of the Accept-Language header sent from a client is non-standard. The vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html",
      "dc:date": "2008-07-11T13:47+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-07-11T13:47+09:00",
      "description": "Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\n\r\nApache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.\r\n\r\nThe vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:apache:tomcat",
          "@product": "Apache Tomcat",
          "@vendor": "Apache Software Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
          "@product": "Interstage Application Framework Suite",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_application_server",
          "@product": "Interstage Application Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_apworks",
          "@product": "Interstage Apworks",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_business_application_server",
          "@product": "Interstage Business Application Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
          "@product": "Interstage Job Workload Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_web_server",
          "@product": "Interstage Web Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_application_server",
          "@product": "Cosminexus Application Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_developer",
          "@product": "Cosminexus Developer",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_application_server",
          "@product": "uCosminexus Application Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_developer",
          "@product": "uCosminexus Developer",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_service",
          "@product": "uCosminexus Service",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:nec:webotx_application_server",
          "@product": "WebOTX Application Server",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x_server",
          "@product": "Apple Mac OS X Server",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:solaris",
          "@product": "Sun Solaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000297",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN16535199/index.html",
          "@id": "JVN#16535199",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358",
          "@id": "CVE-2007-1358",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1358",
          "@id": "CVE-2007-1358",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/25721",
          "@id": "SA25721",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/24524",
          "@id": "24524",
          "@source": "BID"
        },
        {
          "#text": "http://www.securitytracker.com/id?1018269",
          "@id": "1018269",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/1729",
          "@id": "FrSIRT/ADV-2007-1729",
          "@source": "FRSIRT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability"
    }

    JVNDB-2007-000456

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-07-11 13:48
    Severity
    N/A (UNKNOWN) - -
    Summary
    Apache Tomcat sample web application cross-site scripting vulnerability
    Details
    Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. jsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000456.html",
      "dc:date": "2008-07-11T13:48+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-07-11T13:48+09:00",
      "description": "Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\n\r\njsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000456.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:apache:tomcat",
          "@product": "Apache Tomcat",
          "@vendor": "Apache Software Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x",
          "@product": "Apple Mac OS X",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x_server",
          "@product": "Apple Mac OS X Server",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000456",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN64851600/index.html",
          "@id": "JVN#64851600",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449",
          "@id": "CVE-2007-2449",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2449",
          "@id": "CVE-2007-2449",
          "@source": "NVD"
        },
        {
          "#text": "http://www.securityfocus.com/bid/24476",
          "@id": "24476",
          "@source": "BID"
        },
        {
          "#text": "http://securitytracker.com/id?1018245",
          "@id": "1018245",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/2213",
          "@id": "FrSIRT/ADV-2007-2213",
          "@source": "FRSIRT"
        }
      ],
      "title": "Apache Tomcat sample web application cross-site scripting vulnerability"
    }

    JVNDB-2006-000326

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000326.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "(1)Mozilla Firefox contains a vulnerability in the way it interprets HTTP 1.0 responses from a server.\r\n\r\n(2)Mozilla Firefox, a web browser from Mozilla Corporation and Mozilla Japan, fails to properly handle multiple HTTP headers in server responses.",
      "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000326.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:mozilla:firefox",
          "@product": "Mozilla Firefox",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:seamonkey",
          "@product": "Mozilla SeaMonkey",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:thunderbird",
          "@product": "Mozilla Thunderbird",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2006-000326",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN62734622/index.html",
          "@id": "JVN#62734622",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/en/jp/JVN28513736/index.html",
          "@id": "JVN#28513736",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786",
          "@id": "CVE-2006-2786",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2786",
          "@id": "CVE-2006-2786",
          "@source": "NVD"
        },
        {
          "#text": "http://www.securityfocus.com/bid/18228",
          "@id": "18228",
          "@source": "BID"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2006/2106",
          "@id": "FrSIRT/ADV-2006-2106",
          "@source": "FRSIRT"
        }
      ],
      "title": "Mozilla Firefox vulnerable to HTTP response splitting"
    }

    JVNDB-2005-000798

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    MitakeSearch cross-site scripting vulnerability
    Details
    MitakeSearch, a fulltext search system from Hewlett-Packard Japan, contains a cross-site scripting vulnerability due to improper validation of input character strings in the ranking CGI script file, ranking.pl.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000798.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "MitakeSearch, a fulltext search system from Hewlett-Packard Japan, contains a cross-site scripting vulnerability due to improper validation of input character strings in the ranking CGI script file, ranking.pl.",
      "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000798.html",
      "sec:cpe": {
        "#text": "cpe:/a:hp:mitakesearch",
        "@product": "MitakeSearch",
        "@vendor": "Hewlett-Packard Development Company,L.P",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2005-000798",
      "sec:references": {
        "#text": "http://jvn.jp/en/jp/JVN76357668/index.html",
        "@id": "JVN#76357668",
        "@source": "JVN"
      },
      "title": "MitakeSearch cross-site scripting vulnerability"
    }

    JVNDB-2007-000176

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000176.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability.\r\n\r\nMozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000176.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:mozilla:firefox",
          "@product": "Mozilla Firefox",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:seamonkey",
          "@product": "Mozilla SeaMonkey",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:redhat:rhel_optional_productivity_applications",
          "@product": "RHEL Optional Productivity Applications",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux",
          "@product": "Turbolinux",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_desktop",
          "@product": "Turbolinux Desktop",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_home",
          "@product": "Turbolinux Home",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
          "@product": "Turbolinux Multimedia",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_personal",
          "@product": "Turbolinux Personal",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_server",
          "@product": "Turbolinux Server",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000176",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN38605899/index.html",
          "@id": "JVN#38605899",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995",
          "@id": "CVE-2007-0995",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0995",
          "@id": "CVE-2007-0995",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/24205/",
          "@id": "SA24205",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://secunia.com/advisories/24238/",
          "@id": "SA24238",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/22694",
          "@id": "22694",
          "@source": "BID"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/0718",
          "@id": "FrSIRT/ADV-2007-0718",
          "@source": "FRSIRT"
        }
      ],
      "title": "Mozilla Firefox cross-site scripting vulnerability"
    }

    JVNDB-2005-000727

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2014-05-22 18:03
    Severity
    N/A (UNKNOWN) - -
    Summary
    mod_imap cross-site scripting vulnerability
    Details
    The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing. mod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.
    Impacted products
    Apache Software Foundation Apache HTTP Server
    Hitachi, Ltd Cosminexus Application Server Enterprise
    Hitachi, Ltd Cosminexus Application Server Standard
    Hitachi, Ltd Cosminexus Application Server Version 5
    Hitachi, Ltd Cosminexus Developer Light Version 6
    Hitachi, Ltd Cosminexus Developer Professional Version 6
    Hitachi, Ltd Cosminexus Developer Standard Version 6
    Hitachi, Ltd Cosminexus Developer Version 5
    Hitachi, Ltd Cosminexus Server - Enterprise Edition
    Hitachi, Ltd Cosminexus Server - Standard Edition
    Hitachi, Ltd Cosminexus Server - Standard Edition Version 4
    Hitachi, Ltd Cosminexus Server - Web Edition
    Hitachi, Ltd Cosminexus Server - Web Edition Version 4
    Hitachi, Ltd Hitachi Web Server
    Hitachi, Ltd uCosminexus Application Server Enterprise
    Hitachi, Ltd uCosminexus Application Server Smart Edition
    Hitachi, Ltd uCosminexus Application Server Standard
    Hitachi, Ltd uCosminexus Developer
    Hitachi, Ltd uCosminexus Developer Light
    Hitachi, Ltd uCosminexus Developer Standard
    Hitachi, Ltd uCosminexus Service Architect
    Hitachi, Ltd uCosminexus Service Platform
    IBM Corporation IBM HTTP Server
    Oracle Corporation Oracle HTTP Server
    Apple Inc. Apple Mac OS X
    Apple Inc. Apple Mac OS X Server
    Hewlett-Packard Development Company,L.P HP-UX
    Cybertrust Japan Co., Ltd. Asianux Server
    Red Hat, Inc. Red Hat Enterprise Linux
    Red Hat, Inc. Red Hat Linux Advanced Workstation
    Sun Microsystems, Inc. Sun Solaris
    Turbolinux, Inc. Turbolinux
    Turbolinux, Inc. Turbolinux Desktop
    Turbolinux, Inc. Turbolinux FUJI
    Turbolinux, Inc. Turbolinux Home
    Turbolinux, Inc. Turbolinux Multimedia
    Turbolinux, Inc. Turbolinux Personal
    Turbolinux, Inc. Turbolinux Server

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html",
      "dc:date": "2014-05-22T18:03+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2014-05-22T18:03+09:00",
      "description": "The \"mod_imap\" and \"mod_imagemap\" modules of the Apache HTTP Server are used for implementing server-side image map processing.\r\nmod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.",
      "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:apache:http_server",
          "@product": "Apache HTTP Server",
          "@vendor": "Apache Software Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
          "@product": "Cosminexus Application Server Enterprise",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
          "@product": "Cosminexus Application Server Standard",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
          "@product": "Cosminexus Application Server Version 5",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
          "@product": "Cosminexus Developer Light Version 6",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
          "@product": "Cosminexus Developer Professional Version 6",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
          "@product": "Cosminexus Developer Standard Version 6",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
          "@product": "Cosminexus Developer Version 5",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
          "@product": "Cosminexus Server - Enterprise Edition",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
          "@product": "Cosminexus Server - Standard Edition",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
          "@product": "Cosminexus Server - Standard Edition Version 4",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
          "@product": "Cosminexus Server - Web Edition",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
          "@product": "Cosminexus Server - Web Edition Version 4",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:hitachi_web_server",
          "@product": "Hitachi Web Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
          "@product": "uCosminexus Application Server Enterprise",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
          "@product": "uCosminexus Application Server Smart Edition",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
          "@product": "uCosminexus Application Server Standard",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_developer",
          "@product": "uCosminexus Developer",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
          "@product": "uCosminexus Developer Light",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
          "@product": "uCosminexus Developer Standard",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
          "@product": "uCosminexus Service Architect",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
          "@product": "uCosminexus Service Platform",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:http_server",
          "@product": "IBM HTTP Server",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:oracle:http_server",
          "@product": "Oracle HTTP Server",
          "@vendor": "Oracle Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x",
          "@product": "Apple Mac OS X",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x_server",
          "@product": "Apple Mac OS X Server",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:solaris",
          "@product": "Sun Solaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux",
          "@product": "Turbolinux",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_desktop",
          "@product": "Turbolinux Desktop",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_fuji",
          "@product": "Turbolinux FUJI",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_home",
          "@product": "Turbolinux Home",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
          "@product": "Turbolinux Multimedia",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_personal",
          "@product": "Turbolinux Personal",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_server",
          "@product": "Turbolinux Server",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2005-000727",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN06045169/index.html",
          "@id": "JVN#06045169",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
          "@id": "TRTA08-079A",
          "@source": "JVNTR"
        },
        {
          "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
          "@id": "TRTA08-150A",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352",
          "@id": "CVE-2005-3352",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3352",
          "@id": "CVE-2005-3352",
          "@source": "NVD"
        },
        {
          "#text": "http://www.us-cert.gov/cas/alerts/SA08-079A.html",
          "@id": "SA08-079A",
          "@source": "CERT-SA"
        },
        {
          "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
          "@id": "SA08-150A",
          "@source": "CERT-SA"
        },
        {
          "#text": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html",
          "@id": "TA08-079A",
          "@source": "CERT-TA"
        },
        {
          "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
          "@id": "TA08-150A",
          "@source": "CERT-TA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/15834",
          "@id": "15834",
          "@source": "BID"
        }
      ],
      "title": "mod_imap cross-site scripting vulnerability"
    }

    JVNDB-2007-001022

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2009-11-16 11:52
    Severity
    N/A (UNKNOWN) - -
    Summary
    Apache UTF-7 Encoding Cross-Site Scripting Vulnerability
    Details
    The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html",
      "dc:date": "2009-11-16T11:52+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2009-11-16T11:52+09:00",
      "description": "The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:apache:http_server",
          "@product": "Apache HTTP Server",
          "@vendor": "Apache Software Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
          "@product": "Interstage Application Framework Suite",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_application_server",
          "@product": "Interstage Application Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_apworks",
          "@product": "Interstage Apworks",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_business_application_server",
          "@product": "Interstage Business Application Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
          "@product": "Interstage Job Workload Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_studio",
          "@product": "Interstage Studio",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:interstage_web_server",
          "@product": "Interstage Web Server",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
          "@product": "Systemwalker Resource Coordinator",
          "@vendor": "FUJITSU",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:hitachi_web_server",
          "@product": "Hitachi Web Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_application_server",
          "@product": "uCosminexus Application Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hitachi:ucosminexus_service",
          "@product": "uCosminexus Service",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x_server",
          "@product": "Apple Mac OS X Server",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
          "@product": "Turbolinux Appliance Server",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_fuji",
          "@product": "Turbolinux FUJI",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
          "@product": "Turbolinux Multimedia",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_personal",
          "@product": "Turbolinux Personal",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_server",
          "@product": "Turbolinux Server",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-001022",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/tr/TRTA08-150A/index.html",
          "@id": "TRTA08-150A",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465",
          "@id": "CVE-2007-4465",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465",
          "@id": "CVE-2007-4465",
          "@source": "NVD"
        },
        {
          "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
          "@id": "SA08-150A",
          "@source": "CERT-SA"
        },
        {
          "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
          "@id": "TA08-150A",
          "@source": "CERT-TA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/25653",
          "@id": "25653",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/36586",
          "@id": "36586",
          "@source": "XF"
        },
        {
          "#text": "http://www.securitytracker.com/id?1019194",
          "@id": "1019194",
          "@source": "SECTRACK"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Apache UTF-7 Encoding Cross-Site Scripting Vulnerability"
    }

    JVNDB-2004-000593

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000593.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Some LDAP servers contain a buffer overflow vulnerability in the update processing.",
      "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000593.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hitachi:hitachi_directory_server",
          "@product": "Hitachi Directory Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:netscape:netscape_directory_server",
          "@product": "Netscape Directory Server",
          "@vendor": "Netscape",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:java_system_directory_server",
          "@product": "Sun Java System Directory Server",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sun:one_directory_server",
          "@product": "Sun ONE Directory Server",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2004-000593",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN1BF8D7AA/index.html",
          "@id": "JVN#1BF8D7AA",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1236",
          "@id": "CVE-2004-1236",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1236",
          "@id": "CVE-2004-1236",
          "@source": "NVD"
        },
        {
          "#text": "http://www.kb.cert.org/vuls/id/258905",
          "@id": "VU#258905",
          "@source": "CERT-VN"
        },
        {
          "#text": "http://www.ciac.org/ciac/bulletins/p-083.shtml",
          "@id": "p-083",
          "@source": "CIAC"
        },
        {
          "#text": "http://secunia.com/advisories/14960",
          "@id": "SA14960",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/12099",
          "@id": "12099",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/18676",
          "@id": "18676",
          "@source": "XF"
        }
      ],
      "title": "LDAP server update function vulnerable to buffer overflow"
    }

    JVNDB-2007-000420

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
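    N/A (UNKNOWN) - no severity is shown in this summary; the JVN DB record below lists a CVSS v2.0 base score of 4.3 (Medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N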
    Summary
    HP System Management Homepage cross-site scripting vulnerability
    Details
    A cross-site scripting vulnerability exists in Hewlett-Packard HP System Management Homepage (SMH), a web-based interface for managing HP servers. Compaq System Management Homepage, the predecessor of SMH, has also been confirmed to contain a similar cross-site scripting vulnerability. The vendor recommends that users upgrade to SMH, as Compaq System Management Homepage is an outdated product and is no longer available. For more information, refer to the vendor's website.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000420.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "A cross-site scripting vulnerability exists in Hewlett-Packard HP System Management Homepage (SMH).\r\n\r\nHP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH.\r\n\r\nIt is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting vulnerability.\r\n\r\nThe vendor recommends users to upgrade to SMH, as Compaq System Management Homepage is an outdated product and is no longer available. For more information, refer to the vendor\u0027s website.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000420.html",
      "sec:cpe": {
        "#text": "cpe:/a:hp:system_management_homepage",
        "@product": "HP System Management Homepage",
        "@vendor": "Hewlett-Packard Development Company,L.P",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000420",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN19240523/index.html",
          "@id": "JVN#19240523",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3062",
          "@id": "CVE-2007-3062",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3062",
          "@id": "CVE-2007-3062",
          "@source": "NVD"
        },
        {
          "#text": "http://www.jpcert.or.jp/wr/2007/wr072101.txt",
          "@id": "JPCERT-WR-2007-2101",
          "@source": "JPCERT-WR"
        },
        {
          "#text": "http://www.kb.cert.org/vuls/id/292457",
          "@id": "VU#292457",
          "@source": "CERT-VN"
        },
        {
          "#text": "http://secunia.com/advisories/25493",
          "@id": "SA25493",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/24256",
          "@id": "24256",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/34656",
          "@id": "34656",
          "@source": "XF"
        },
        {
          "#text": "http://www.securitytracker.com/id?1018179",
          "@id": "1018179",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/2013",
          "@id": "FrSIRT/ADV-2007-2013",
          "@source": "FRSIRT"
        }
      ],
      "title": "HP System Management Homepage cross-site scripting vulnerability"
    }

    JVNDB-2007-000598

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
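    N/A (UNKNOWN) - no severity is shown in this summary; the JVN DB record below lists a CVSS v2.0 base score of 2.6 (Low), vector AV:N/AC:H/Au:N/C:N/I:P/A:N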
    Summary
    Apache Tomcat Host Manager cross-site scripting vulnerability
    Details
    Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. The Host Manager Servlet does not properly filter user-supplied data, which enables a cross-site scripting attack.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000598.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\n\r\nThe Host Manager Servlet does not properly filter user supplied data. This enables an cross-site scripting attack.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000598.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:apache:tomcat",
          "@product": "Apache Tomcat",
          "@vendor": "Apache Software Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000598",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN59851336/index.html",
          "@id": "JVN#59851336",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386",
          "@id": "CVE-2007-3386",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3386",
          "@id": "CVE-2007-3386",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/26465/",
          "@id": "SA26465",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/25314",
          "@id": "25314",
          "@source": "BID"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/2880",
          "@id": "FrSIRT/ADV-2007-2880",
          "@source": "FRSIRT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Apache Tomcat Host Manager cross-site scripting vulnerability"
    }

    JVNDB-2007-000295

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2009-08-06 11:39
    Severity
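    N/A (UNKNOWN) - no severity is shown in this summary; the JVN DB record below lists a CVSS v2.0 base score of 5.4 (Medium), vector AV:N/AC:H/Au:N/C:C/I:N/A:N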
    Summary
    APOP password recovery vulnerability
    Details
    POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. For the attack to succeed, the attacker impersonates the mail server, sends challenge strings to the client, and collects the client's responses. The attacker has to repeat this process for a certain period of time without alerting the user to the attack.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
      "dc:date": "2009-08-06T11:39+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2009-08-06T11:39+09:00",
      "description": "POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.\r\n\r\nIt is reported that APOP passwords could be recovered by third parties.\r\n\r\nIn its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:claws_mail:claws_mail",
          "@product": "Claws Mail",
          "@vendor": "Claws Mail",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fetchmail:fetchmail",
          "@product": "Fetchmail",
          "@vendor": "Fetchmail Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:seamonkey",
          "@product": "Mozilla SeaMonkey",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:thunderbird",
          "@product": "Mozilla Thunderbird",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mutt:mutt",
          "@product": "Mutt",
          "@vendor": "Mutt",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:redhat:rhel_optional_productivity_applications",
          "@product": "RHEL Optional Productivity Applications",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sylpheed:sylpheed",
          "@product": "Sylpheed",
          "@vendor": "Sylpheed",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_eus",
          "@product": "Red Hat Enterprise Linux EUS",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux",
          "@product": "Turbolinux",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_desktop",
          "@product": "Turbolinux Desktop",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_fuji",
          "@product": "Turbolinux FUJI",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_home",
          "@product": "Turbolinux Home",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
          "@product": "Turbolinux Multimedia",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_personal",
          "@product": "Turbolinux Personal",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_server",
          "@product": "Turbolinux Server",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
          "@product": "wizpy",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.4",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000295",
      "sec:references": [
        {
          "#text": "http://jvn.jp/cert/JVNTA07-151A/index.html",
          "@id": "JVNTA07-151A",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/en/jp/JVN19445002/index.html",
          "@id": "JVN#19445002",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/tr/TRTA07-151A/index.html",
          "@id": "TRTA07-151A",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558",
          "@id": "CVE-2007-1558",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558",
          "@id": "CVE-2007-1558",
          "@source": "NVD"
        },
        {
          "#text": "http://www.us-cert.gov/cas/alerts/SA07-151A.html",
          "@id": "SA07-151A",
          "@source": "CERT-SA"
        },
        {
          "#text": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html",
          "@id": "TA07-151A",
          "@source": "CERT-TA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/23257",
          "@id": "23257",
          "@source": "BID"
        },
        {
          "#text": "http://www.securitytracker.com/id?1018008",
          "@id": "1018008",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/1466",
          "@id": "FrSIRT/ADV-2007-1466",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/1480",
          "@id": "FrSIRT/ADV-2007-1480",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/1468",
          "@id": "FrSIRT/ADV-2007-1468",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/1467",
          "@id": "FrSIRT/ADV-2007-1467",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://www.ietf.org/rfc/rfc1939.txt",
          "@id": "RFC1939:Post Office Protocol - Version 3",
          "@source": "IETF"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "APOP password recovery vulnerability"
    }

    JVNDB-2007-000457

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-07-11 13:48

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000457.html",
      "dc:date": "2008-07-11T13:48+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-07-11T13:48+09:00",
      "description": "Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability.\r\n\r\nApache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies.\r\nApache Tomcat Web Application Manager contains a cross-site scripting vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000457.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:apache:tomcat",
          "@product": "Apache Tomcat",
          "@vendor": "Apache Software Foundation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x",
          "@product": "Apple Mac OS X",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:apple:mac_os_x_server",
          "@product": "Apple Mac OS X Server",
          "@vendor": "Apple Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:sun:solaris",
          "@product": "Sun Solaris",
          "@vendor": "Sun Microsystems, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000457",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN07100457/index.html",
          "@id": "JVN#07100457",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450",
          "@id": "CVE-2007-2450",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2450",
          "@id": "CVE-2007-2450",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/25678/",
          "@id": "SA25678",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/24475",
          "@id": "24475",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/34868",
          "@id": "34868",
          "@source": "XF"
        },
        {
          "#text": "http://www.securitytracker.com/id?1018245",
          "@id": "1018245",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/2213",
          "@id": "FrSIRT/ADV-2007-2213",
          "@source": "FRSIRT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Apache Tomcat cross-site scripting vulnerability"
    }