Vulnerabilites related to oracle - http_server
Vulnerability from fkie_nvd
Published
2021-04-22 22:15
Modified
2024-11-21 06:02
Severity ?
Summary
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).
References
▼ | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuapr2021.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2021.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | http_server | 11.1.1.9.0 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBD2676F-EE9D-4462-ABA5-C11CE726849C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." }, { "lang": "es", "value": "Una vulnerabilidad en el producto Oracle HTTP Server de Oracle Fusion Middleware (componente: Web Listener).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son 11.1.1.9.0, 12.2.1.3.0 y 12.2.1.4.0.\u0026#xa0;Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle HTTP Server.\u0026#xa0;Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona diferente del atacante.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle HTTP Server, as\u00ed como en el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle HTTP Server.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 5.4 (Impactos en la Confidencialidad e Integridad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)" } ], "id": "CVE-2021-2315", "lastModified": "2024-11-21T06:02:52.300", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "secalert_us@oracle.com", "type": "Secondary" } ] }, "published": "2021-04-22T22:15:17.557", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-07 22:15
Modified
2024-11-21 06:28
Severity ?
Summary
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trustwave | modsecurity | * | |
trustwave | modsecurity | * | |
f5 | nginx_modsecurity_waf | r24 | |
f5 | nginx_modsecurity_waf | r25 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | zfs_storage_appliance_kit | 8.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7085082-64B3-4129-89D3-DCABF3C627A4", "versionEndExcluding": "2.9.5", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A1F00F0-6D1E-42BC-850E-BFBB7685BE0C", "versionEndExcluding": "3.0.6", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:nginx_modsecurity_waf:r24:*:*:*:*:*:*:*", "matchCriteriaId": "241BDE1D-8BA6-4D65-9C13-AC06737DB329", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:nginx_modsecurity_waf:r25:*:*:*:*:*:*:*", "matchCriteriaId": "25F3AE46-B782-42F8-9516-BD979CB9061F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4." }, { "lang": "es", "value": "ModSecurity versiones 3.x hasta 3.0.5, maneja inapropiadamente los objetos JSON excesivamente anidados. Los objetos JSON dise\u00f1ados con un anidamiento de decenas de miles de metros de profundidad pod\u00edan hacer que el servidor web no pudiera atender peticiones leg\u00edtimas. Incluso una petici\u00f3n HTTP moderadamente grande (por ejemplo, 300KB) puede ocupar uno de los limitados procesos de trabajo de NGINX durante minutos y consumir casi toda la CPU disponible en la m\u00e1quina. Modsecurity 2 es igualmente vulnerable: las versiones afectadas incluyen la 2.8.0 hasta la 2.9.4" } ], "id": "CVE-2021-42717", "lastModified": "2024-11-21T06:28:01.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-07T22:15:06.950", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00042.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-5023" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mitigation", "Vendor Advisory" ], "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-5023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mitigation", "Vendor Advisory" ], "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-674" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-14 11:15
Modified
2024-11-21 06:47
Severity ?
Summary
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | http_server | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
debian | debian_linux | 9.0 | |
oracle | enterprise_manager_ops_center | 12.4.0.0 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | zfs_storage_appliance_kit | 8.8 | |
apple | mac_os_x | * | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | macos | * | |
apple | macos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4ABADEE-0A1F-4D0D-B32E-128DF9942FE5", "versionEndIncluding": "2.4.52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5", "versionEndExcluding": "10.15.7", "versionStartIncluding": "10.15", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "matchCriteriaId": "D337EE21-2F00-484D-9285-F2B0248D7A19", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "matchCriteriaId": "012052B5-9AA7-4FD3-9C80-5F615330039D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "matchCriteriaId": "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "matchCriteriaId": "8E974DC6-F7D9-4389-9AF9-863F6E419CE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "matchCriteriaId": "156A6382-2BD3-4882-90B2-8E7CF6659E17", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "matchCriteriaId": "20A2FDB2-6712-406A-9896-C0B44508B07D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", "matchCriteriaId": "49F537A0-DC42-4176-B22F-C80D179DD99D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "09A6345C-D813-43BA-B12E-789C80653F86", "versionEndExcluding": "11.6.6", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "35154201-43EA-4C22-B0BA-D1A24C46D320", "versionEndExcluding": "12.4", "versionStartIncluding": "12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier." }, { "lang": "es", "value": "Si LimitXMLRequestBody est\u00e1 configurado para permitir cuerpos de petici\u00f3n de m\u00e1s de 350 MB (por defecto 1M) en sistemas de 32 bits, es producido un desbordamiento de enteros que causa posteriormente escrituras fuera de l\u00edmites. Este problema afecta a Apache HTTP Server 2.4.52 y anteriores" } ], "id": "CVE-2022-22721", "lastModified": "2024-11-21T06:47:19.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-14T11:15:09.133", "references": [ { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/2" }, { "source": "security@apache.org", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213255" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213256" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213257" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-01-17 02:28
Modified
2024-11-21 00:25
Severity ?
Summary
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | application_server | 9.0.4.3 | |
oracle | application_server | 10.1.2.0.0 | |
oracle | collaboration_suite | 9.0.4.2 | |
oracle | http_server | 9.0.1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9CA9867F-D7BC-4230-9584-C2FBB6642482", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2328BA88-C390-46EA-8C30-9F0A001C10EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:collaboration_suite:9.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8548B5B0-F465-4424-A316-50FDDE450A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:9.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F02F8061-EF0A-4275-80FA-B6D69ED78100", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt \u0026 Notification component, aka OPMN02." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 y 10.1.2.0.0, y Collaboration Suite 9.0.4.2 tienen impacto y vectores de ataque desconocidos relacionados con el componente de Administraci\u00f3n y Notificaci\u00f3n de Procesos Oracle (Oracle Process Mgmt \u0026 Notification), tambi\u00e9n conocido como OPMN02." } ], "id": "CVE-2007-0282", "lastModified": "2024-11-21T00:25:26.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.1, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-01-17T02:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23794" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017522" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22083" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-12-06 20:59
Modified
2024-11-21 02:28
Severity ?
Summary
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A594A00-699D-4899-AEE5-E6B9B948FB62", "versionEndExcluding": "10.11.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F27F67F-FE01-4D53-8A89-96C84DE49F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFDB5ADE-F4DF-4054-8628-5EF6C5DB864B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "59C4F882-5B42-43E6-9CCC-D2AB23117A7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB059A52-DE6D-47FB-98E8-5A788E1C0FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D70580AD-2134-49D3-BE15-020023A10E87", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:11.5.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "ECBEAF3E-B4AA-48DE-AD14-A1B79630DD80", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:life_sciences_data_hub:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C4DAF41-56BC-4AFA-9189-C7F6555FE05A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sun_ray_software:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "44A1C87F-DB77-4BD7-93BF-ADB70F2E9DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:transportation_management:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "606B0DB7-A09D-47A2-B9FC-2852C149D5E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:transportation_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0216F26-3BA1-48A2-9BE2-31EA3F0239F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*", "matchCriteriaId": "FC9E8528-0FB8-4BF0-A9EF-6CC84A2631A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F2DB6DC-9A66-47D3-BE56-6E89E2682417", "versionEndExcluding": "4.3.36", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D516C30-6F10-4531-B0A4-4479815CD966", "versionEndExcluding": "5.0.14", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5DF5E36-74D2-4DFB-B1D0-A5D3D709C252", "versionEndIncluding": "4.0.4", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", "matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "93668270-B838-483C-8BE7-F1D8FBF45A6B", "versionEndExcluding": "0.9.8zh", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A4E8B83-D5BA-4026-AE58-41A6775C25E2", "versionEndExcluding": "1.0.0t", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5080085-7307-47DE-8CB4-90E5EB43E735", "versionEndExcluding": "1.0.1q", "versionStartIncluding": "1.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C72E267-D0DC-4B13-80D4-6425FFE290BB", "versionEndExcluding": "1.0.2e", "versionStartIncluding": "1.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application." }, { "lang": "es", "value": "La implementaci\u00f3n ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e no maneja correctamente los errores provocados por datos X509_ATTRIBUTE malformados, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de memoria de proceso desencadenando un fallo de decodificaci\u00f3n en una aplicaci\u00f3n PKCS#7 o CMS." } ], "id": "CVE-2015-3195", "lastModified": "2024-11-21T02:28:52.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2015-12-06T20:59:05.973", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://openssl.org/news/secadv/20151203.txt" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2616.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3413" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/78626" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91787" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034294" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2830-1" }, { "source": "secalert@redhat.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "secalert@redhat.com", "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/HT206167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://openssl.org/news/secadv/20151203.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2616.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/78626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2830-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/HT206167" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-16 15:15
Modified
2024-11-21 06:19
Severity ?
Summary
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | http_server | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
netapp | cloud_backup | - | |
netapp | clustered_data_ontap | - | |
netapp | storagegrid | - | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | instantis_enterprisetrack | 17.1 | |
oracle | instantis_enterprisetrack | 17.2 | |
oracle | instantis_enterprisetrack | 17.3 | |
oracle | zfs_storage_appliance_kit | 8.8 | |
siemens | sinec_nms | * | |
siemens | sinema_server | 14.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "1691C7CE-5CDA-4B9A-854E-3B58C1115526", "versionEndIncluding": "2.4.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*", "matchCriteriaId": "D09241FF-5652-4020-A626-D604134D5020", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*", "matchCriteriaId": "B0A5CC25-A323-4D49-8989-5A417D12D646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier." }, { "lang": "es", "value": "la funci\u00f3n ap_escape_quotes() puede escribir m\u00e1s all\u00e1 del final de un buffer cuando se le da una entrada maliciosa. Ning\u00fan m\u00f3dulo incluido pasa datos no confiables a estas funciones, pero los m\u00f3dulos externos o de terceros pueden hacerlo. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores" } ], "id": "CVE-2021-39275", "lastModified": "2024-11-21T06:19:05.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-16T15:15:07.580", "references": [ { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf" }, { "source": "security@apache.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4982" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openssl | openssl | 0.9.1c | |
openssl | openssl | 0.9.2b | |
openssl | openssl | 0.9.3 | |
openssl | openssl | 0.9.4 | |
openssl | openssl | 0.9.5 | |
openssl | openssl | 0.9.5a | |
openssl | openssl | 0.9.6 | |
openssl | openssl | 0.9.6a | |
openssl | openssl | 0.9.6b | |
openssl | openssl | 0.9.6c | |
openssl | openssl | 0.9.6d | |
openssl | openssl | 0.9.7 | |
openssl | openssl | 0.9.7 | |
oracle | application_server | * | |
oracle | application_server | 1.0.2 | |
oracle | application_server | 1.0.2.1s | |
oracle | application_server | 1.0.2.2 | |
oracle | corporate_time_outlook_connector | 3.1 | |
oracle | corporate_time_outlook_connector | 3.1.1 | |
oracle | corporate_time_outlook_connector | 3.1.2 | |
oracle | corporate_time_outlook_connector | 3.3 | |
oracle | http_server | 9.0.1 | |
oracle | http_server | 9.2.0 | |
apple | mac_os_x | 10.0 | |
apple | mac_os_x | 10.0.1 | |
apple | mac_os_x | 10.0.2 | |
apple | mac_os_x | 10.0.3 | |
apple | mac_os_x | 10.0.4 | |
apple | mac_os_x | 10.1 | |
apple | mac_os_x | 10.1.1 | |
apple | mac_os_x | 10.1.2 | |
apple | mac_os_x | 10.1.3 | |
apple | mac_os_x | 10.1.4 | |
apple | mac_os_x | 10.1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*", "matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DABDE61F-A7DD-40A4-9569-8525A63BAA56", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FFAA0056-56FF-4D0F-8B44-066A4BFED1B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6C3C821C-C479-4AAC-84EA-63C798CAB00A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "CCAF6167-65C1-4ACB-A75A-53922B64D281", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8B72A661-9EAA-4B9B-8865-17C8A29871BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7485BFF1-6863-4165-BE36-D656F39CF5EF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "99C273D1-ADFE-4B4C-B543-7B9CA741A117", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0BC31B69-3DE1-4CF3-ADC9-CA0BF1714CBF", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "77CC671C-6D89-4279-86F7-DDE1D4D9A0CA", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E4B77F6-E71C-45ED-96CC-7872AD2FCBF8", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "066ABC3B-B395-42D2-95C0-5B810F91A6F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "01BC19FC-6E03-4000-AE4B-232E47FA76F2", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "421FC2DD-0CF7-44A2-A63C-5221689E2363", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F8B70BC-42B7-453A-B506-7BE69D49A4B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAAC6EA5-DCB2-4A50-A8BC-25CC43FAEF9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CA32F7D8-02F8-4CFE-B193-2888807BC4D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9DCDE70-07DA-4F0B-805F-6BA03D410CD6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code." }, { "lang": "es", "value": "OpenSSL 0.9.6.d y anteriores, y 0.9.7-beta2 y anteriores, no manejan adecuadamente las representaciones ASCII de enteros en plataformas de 64 bits, lo que podr\u00eda permitir a atacantes causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario." } ], "id": "CVE-2002-0655", "lastModified": "2024-11-20T23:39:34.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt" }, { "source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt" }, { "source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2002-23.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/308891" }, { "source": "cve@mitre.org", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2002-23.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/308891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5364" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-02 19:15
Modified
2024-11-21 04:44
Severity ?
Summary
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
haxx | curl | * | |
microsoft | windows | - | |
oracle | enterprise_manager_ops_center | 12.3.3 | |
oracle | enterprise_manager_ops_center | 12.4.0 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | mysql_server | * | |
oracle | mysql_server | * | |
oracle | oss_support_tools | 20.0 | |
netapp | oncommand_insight | - | |
netapp | oncommand_unified_manager | * | |
netapp | oncommand_unified_manager | * | |
netapp | oncommand_workflow_automation | - | |
netapp | snapcenter | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "22551EE7-6395-4539-981E-034E01D82A76", "versionEndIncluding": "7.65.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "52A7407B-96A0-4B45-A7EC-5D99A5828AC8", "versionEndIncluding": "5.7.27", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B89DD070-1301-4EF9-B46E-7F7D7F2A7A0E", "versionEndIncluding": "8.0.17", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*", "matchCriteriaId": "8252A7F5-2FB5-4E73-864D-D11F21F5EC56", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6AADE2A6-B78C-4B9C-8FAB-58DB50F69D84", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "37C50706-4EB7-4AC0-BFE2-B3929F79B5D7", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl \u003c= 7.65.1 automatically run the code (as an openssl \"engine\") on invocation. If that curl is invoked by a privileged user it can do anything it wants." }, { "lang": "es", "value": "Un usuario o programa no privilegiado puede colocar un c\u00f3digo y un archivo de configuraci\u00f3n en una ruta (path) no privilegiada conocida (bajo C:/usr/local/) que har\u00e1 que curl anterior a versi\u00f3n 7.65.1 incluy\u00e9ndola, ejecute autom\u00e1ticamente el c\u00f3digo en la invocaci\u00f3n (como un \"engine\" openssl). Si ese curl es invocado por un usuario privilegiado, este puede hacer lo que desee." } ], "id": "CVE-2019-5443", "lastModified": "2024-11-21T04:44:56.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-02T19:15:10.790", "references": [ { "source": "support@hackerone.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/24/1" }, { "source": "support@hackerone.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/108881" }, { "source": "support@hackerone.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://curl.haxx.se/docs/CVE-2019-5443.html" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0002/" }, { "source": "support@hackerone.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "support@hackerone.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "support@hackerone.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/24/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/108881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://curl.haxx.se/docs/CVE-2019-5443.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-01-17 02:28
Modified
2024-11-21 00:25
Severity ?
Summary
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | application_server | 9.0.4.3 | |
oracle | application_server | 10.1.2.0.2 | |
oracle | application_server | 10.1.2.2 | |
oracle | collaboration_suite | 9.0.4.2 | |
oracle | collaboration_suite | 10.1.2 | |
oracle | http_server | 9.0.1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9CA9867F-D7BC-4230-9584-C2FBB6642482", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F0B4BAA9-D045-4D2B-8220-47F47ED936DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:10.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B0223F3-A9D4-4A4F-8934-761D83CD5494", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:collaboration_suite:9.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8548B5B0-F465-4424-A316-50FDDE450A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:collaboration_suite:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDF7ABE6-0AFB-4A74-A533-2D390991A6CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:9.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F02F8061-EF0A-4275-80FA-B6D69ED78100", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, y 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, y 10.1.3.0; y Collaboration Suite 9.0.4.2 y 10.1.2; tienen impacto y vectores de ataque desconocidos relacionados con el servidor HTTP de Oracle, tambi\u00e9n conocidos como (1) OHS03 y (2) OHS04." } ], "id": "CVE-2007-0281", "lastModified": "2024-11-21T00:25:26.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-01-17T02:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/32883" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/32884" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23794" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017522" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22083" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_crypto-c-micro-edition | * | |
dell | bsafe_micro-edition-suite | * | |
oracle | database | 12.1.0.2 | |
oracle | database | 19c | |
oracle | database | 21c | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | security_service | 12.2.1.3.0 | |
oracle | security_service | 12.2.1.4.0 | |
oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", "versionEndExcluding": "4.1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E", "versionEndExcluding": "4.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", "matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability." }, { "lang": "es", "value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.6, contienen una vulnerabilidad de validaci\u00f3n de entrada inadecuada" } ], "id": "CVE-2020-29508", "lastModified": "2024-11-21T05:24:08.733", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-11T20:15:08.207", "references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-331" } ], "source": "security_alert@emc.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1997-07-23 04:00
Modified
2024-11-20 23:30
Severity ?
Summary
Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | http_server | 2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E2CAB4B-7CF6-4671-8E3C-5CA57B935403", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request." } ], "id": "CVE-1999-1068", "lastModified": "2024-11-20T23:30:12.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1997-07-23T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=87602661419366\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=87602661419366\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-30 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | application_server | 1.0.2 | |
oracle | application_server | 1.0.2.1s | |
oracle | application_server | 1.0.2.2 | |
oracle | application_server | 1.0.2.2.2 | |
oracle | application_server | 9.0.2 | |
oracle | application_server | 9.0.2.0.0 | |
oracle | application_server | 9.0.2.0.1 | |
oracle | application_server | 9.0.2.1 | |
oracle | application_server | 9.0.2.2 | |
oracle | application_server | 9.0.2.3 | |
oracle | application_server | 9.0.3 | |
oracle | application_server | 9.0.3.1 | |
oracle | http_server | 8.1.7 | |
oracle | http_server | 9.0.1 | |
oracle | http_server | 9.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*", "matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C0160E00-D722-40CE-976C-77CB91C1B94D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:8.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "54FCC402-401B-4830-8181-78E49E1F1F72", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8B72A661-9EAA-4B9B-8865-17C8A29871BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7485BFF1-6863-4165-BE36-D656F39CF5EF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password." } ], "id": "CVE-2004-1877", "lastModified": "2024-11-20T23:51:57.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-03-30T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108067040722235\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10009" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108067040722235\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15676" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 06:37
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
wireshark | wireshark | 3.6.0 | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | zfs_storage_appliance_kit | 8.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wireshark:wireshark:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A897845-0C8C-46EA-B65A-C7AE826074F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file" }, { "lang": "es", "value": "Un bloqueo en pcapng file parser en Wireshark versi\u00f3n 3.6.0 permite una denegaci\u00f3n de servicio por medio de un archivo de captura dise\u00f1ado.\n" } ], "id": "CVE-2021-4183", "lastModified": "2024-11-21T06:37:05.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:10.247", "references": [ { "source": "cve@gitlab.com", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4183.json" }, { "source": "cve@gitlab.com", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17755" }, { "source": "cve@gitlab.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "source": "cve@gitlab.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "source": "cve@gitlab.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" }, { "source": "cve@gitlab.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "cve@gitlab.com", "tags": [ "Vendor Advisory" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-19.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4183.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-19.html" } ], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity ?
Summary
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
▼ | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | http_server | 11.1.1.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBD2676F-EE9D-4462-ABA5-C11CE726849C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en el producto Oracle HTTP Server de Oracle Fusion Middleware (componente: Web Listener). La versi\u00f3n compatible que est\u00e1 afectada es la 11.1.1.9.0. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle HTTP Server. Los ataques con \u00e9xito de esta vulnerabilidad puedan resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle HTTP Server, as\u00ed como tambi\u00e9n en el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle HTTP Server. CVSS 3.0 Puntuaci\u00f3n Base 6.5 (Impactos de la confidencialidad y la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." } ], "id": "CVE-2020-2952", "lastModified": "2024-11-21T05:26:43.087", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "secalert_us@oracle.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-15T14:15:37.437", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-14 11:15
Modified
2024-11-21 06:49
Severity ?
Summary
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | http_server | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
debian | debian_linux | 9.0 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | zfs_storage_appliance_kit | 8.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B9D7ED5-E23A-4A60-9A6D-AB0D9BF73775", "versionEndIncluding": "2.4.52", "versionStartIncluding": "2.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions." }, { "lang": "es", "value": "Una vulnerabilidad de escritura fuera de l\u00edmites en mod_sed de Apache HTTP Server permite a un atacante sobrescribir la memoria de la pila con datos posiblemente proporcionados por el atacante. Este problema afecta a Apache HTTP Server 2.4 versiones 2.4.52 y anteriores" } ], "id": "CVE-2022-23943", "lastModified": "2024-11-21T06:49:29.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-14T11:15:09.187", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/1" }, { "source": "security@apache.org", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-08" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-09" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" }, { "lang": "en", "value": "CWE-787" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 22:15
Modified
2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
▼ | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2023.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2023.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | http_server | 12.2.1.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en el producto Oracle HTTP Server de Oracle Fusion Middleware (componente: Web Listener). La versi\u00f3n compatible afectada es 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer Oracle HTTP Server. Los ataques exitosos de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle HTTP Server. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "id": "CVE-2023-22019", "lastModified": "2024-11-21T07:44:06.997", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert_us@oracle.com", "type": "Primary" } ] }, "published": "2023-10-17T22:15:11.747", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2023.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-14 11:15
Modified
2024-11-21 06:47
Severity ?
Summary
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | http_server | * | |
debian | debian_linux | 9.0 | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | zfs_storage_appliance_kit | 8.8 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | mac_os_x | 10.15.7 | |
apple | macos | * | |
apple | macos | * | |
apple | macos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4ABADEE-0A1F-4D0D-B32E-128DF9942FE5", "versionEndIncluding": "2.4.52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89161D20-EB9C-4EC0-8D82-75B27CE49264", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "matchCriteriaId": "D337EE21-2F00-484D-9285-F2B0248D7A19", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "matchCriteriaId": "012052B5-9AA7-4FD3-9C80-5F615330039D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "matchCriteriaId": "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "matchCriteriaId": "8E974DC6-F7D9-4389-9AF9-863F6E419CE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "matchCriteriaId": "156A6382-2BD3-4882-90B2-8E7CF6659E17", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "matchCriteriaId": "20A2FDB2-6712-406A-9896-C0B44508B07D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", "matchCriteriaId": "49F537A0-DC42-4176-B22F-C80D179DD99D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BD2A211-4E62-40BF-9BA0-5239FA6F0AF8", "versionEndExcluding": "10.15.7", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "09A6345C-D813-43BA-B12E-789C80653F86", "versionEndExcluding": "11.6.6", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "56A8A170-44A7-4334-88B0-CB4413E28E53", "versionEndExcluding": "12.4", "versionStartIncluding": "12.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier." }, { "lang": "es", "value": "Un cuerpo de petici\u00f3n cuidadosamente dise\u00f1ado puede causar una lectura en una zona de memoria aleatoria que podr\u00eda causar al proceso un bloqueo. Este problema afecta al servidor HTTP Apache versiones 2.4.52 y anteriores" } ], "id": "CVE-2022-22719", "lastModified": "2024-11-21T06:47:18.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-14T11:15:09.023", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/4" }, { "source": "security@apache.org", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213255" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213256" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213257" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/14/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220321-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-665" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-665" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-20 12:15
Modified
2024-11-21 06:31
Severity ?
Summary
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D91E7B1-C692-4ECB-BFDF-968D8F8A5832", "versionEndIncluding": "2.4.51", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A939B08-CFD8-44D6-B06A-71819E7EFF21", "versionEndExcluding": "5.20.0", "versionStartIncluding": "5.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2AD8797-A70D-4FC7-8A7B-1EF9F43AB4DF", "versionEndIncluding": "9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "676F28B8-F780-4441-8062-53E1D69200DF", "versionEndIncluding": "9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D164570-BB85-4090-B3C6-2CAB324BDAD6", "versionEndIncluding": "9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "matchCriteriaId": "D337EE21-2F00-484D-9285-F2B0248D7A19", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "matchCriteriaId": "012052B5-9AA7-4FD3-9C80-5F615330039D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "matchCriteriaId": "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "matchCriteriaId": "8E974DC6-F7D9-4389-9AF9-863F6E419CE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "matchCriteriaId": "156A6382-2BD3-4882-90B2-8E7CF6659E17", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "matchCriteriaId": "20A2FDB2-6712-406A-9896-C0B44508B07D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", "matchCriteriaId": "49F537A0-DC42-4176-B22F-C80D179DD99D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BD2A211-4E62-40BF-9BA0-5239FA6F0AF8", "versionEndExcluding": "10.15.7", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "09A6345C-D813-43BA-B12E-789C80653F86", "versionEndExcluding": "11.6.6", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "35154201-43EA-4C22-B0BA-D1A24C46D320", "versionEndExcluding": "12.4", "versionStartIncluding": "12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier." }, { "lang": "es", "value": "Un cuerpo de petici\u00f3n cuidadosamente dise\u00f1ado puede causar un desbordamiento de b\u00fafer en el analizador multiparte mod_lua (r:parsebody() llamado desde scripts Lua). El equipo de Apache httpd no presenta constancia de que se presente una explotaci\u00f3n para esta vulnerabilidad, aunque podr\u00eda ser posible dise\u00f1ar uno. Este problema afecta a Apache HTTP Server versiones 2.4.51 y anteriores" } ], "id": "CVE-2021-44790", "lastModified": "2024-11-21T06:31:33.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-20T12:15:07.440", "references": [ { "source": "security@apache.org", "tags": [ "Vendor Advisory" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "security@apache.org", "url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/20/4" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211224-0001/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213255" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213256" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213257" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5035" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-01" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/20/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211224-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-03" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "security@apache.org", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-20 11:16
Modified
2024-11-21 06:03
Severity ?
Summary
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | http_server | 11.1.1.9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBD2676F-EE9D-4462-ABA5-C11CE726849C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." }, { "lang": "es", "value": "Una vulnerabilidad en el producto Oracle HTTP Server de Oracle Fusion Middleware (componente: Web Listener). La versi\u00f3n compatible que est\u00e1 afectada es 11.1.1.9.0. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer el Servidor HTTP de Oracle. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle HTTP Server. CVSS 3.1 Puntuaci\u00f3n Base 3.7 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)" } ], "id": "CVE-2021-2480", "lastModified": "2024-11-21T06:03:11.987", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "secalert_us@oracle.com", "type": "Secondary" } ] }, "published": "2021-10-20T11:16:18.330", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-21 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "90907017-473C-48CA-9441-DAFAF5F81049", "versionEndIncluding": "1.1.1f", "versionStartIncluding": "1.1.1d", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*", "matchCriteriaId": "BD730B6A-F123-4685-ACB3-4F20AAAB77F3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:application_server:12.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDD7E6AC-A613-4938-91D1-402DA2038875", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F87918FE-62C0-4DC5-8894-847DFB5B7E5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "61516569-C48F-4362-B334-8CA10EDB0EC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6C5EC81-F74A-4280-A041-EC5EE36D0919", "versionEndIncluding": "5.6.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1A68EF8-15AA-42A7-9734-6F9470EB35CD", "versionEndIncluding": "5.7.30", "versionStartIncluding": "5.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E1A3769-E443-4511-B349-B5304F5E6EBD", "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F198EB3-A3AB-42EA-BF3A-D8BB4D9210EE", "versionEndIncluding": "8.0.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A3BBE71-CA00-4F54-9210-FC7572C87CFB", "versionEndIncluding": "4.0.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "73573516-EDA0-4176-A3ED-2F7006C87F8E", "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E07B577-50FE-43B4-8AAD-4C267A494A36", "versionEndIncluding": "8.0.21", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jdedwards:enterpriseone:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E4475E9-FF6F-4B94-8989-D8E2EB69F782", "versionEndExcluding": "9.2.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "4ACF85D6-6B45-43DA-9C01-F0208186F014", "versionEndExcluding": "6.0.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)." }, { "lang": "es", "value": "Las aplicaciones de Servidor o Cliente que llaman a la funci\u00f3n SSL_check_chain() durante o despu\u00e9s del protocolo de enlace de TLS versi\u00f3n 1.3, puede bloquear debido a una desreferencia del puntero NULL como resultado de un manejo incorrecto de la extensi\u00f3n TLS \"signature_algorithms_cert\". El bloqueo ocurre si se recibe un algoritmo de firma no comprobada o ni reconocido del peer. Esto podr\u00eda ser explotado por un peer malicioso en un ataque de Denegaci\u00f3n de Servicio. OpenSSL versiones 1.1.1d, 1.1.1e y 1.1.1f est\u00e1n afectadas por este problema. Este problema no afectaba a OpenSSL versiones anteriores a la versi\u00f3n 1.1.1d. Corregido en OpenSSL versi\u00f3n 1.1.1g (Afectado en la versi\u00f3n 1.1.1d-1.1.1f)." } ], "id": "CVE-2020-1967", "lastModified": "2024-11-21T05:11:45.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-21T14:15:11.287", "references": [ { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/May/5" }, { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2" }, { "source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1" }, { "source": "openssl-security@openssl.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/irsl/CVE-2020-1967" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440" }, { "source": "openssl-security@openssl.org", "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E" }, { "source": "openssl-security@openssl.org", "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E" }, { "source": "openssl-security@openssl.org", "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E" }, { "source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/" }, { "source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/" }, { "source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202004-10" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200424-0003/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200717-0004/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4661" }, { "source": "openssl-security@openssl.org", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20200421.txt" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/security/advisory/Synology_SA_20_05" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2020-03" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2020-04" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2020-11" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2021-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/May/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/irsl/CVE-2020-1967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202004-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200424-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200717-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20200421.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/security/advisory/Synology_SA_20_05" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2020-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2020-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2020-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2021-10" } ], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-02-06 20:29
Modified
2024-11-21 03:53
Severity ?
Summary
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
haxx | libcurl | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 9.0 | |
netapp | clustered_data_ontap | * | |
siemens | sinema_remote_connect_client | * | |
oracle | communications_operations_monitor | 3.4 | |
oracle | communications_operations_monitor | 4.0 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | secure_global_desktop | 5.4 | |
redhat | enterprise_linux | 8.0 | |
f5 | big-ip_access_policy_manager | * | |
f5 | big-ip_access_policy_manager | * | |
f5 | big-ip_access_policy_manager | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", "matchCriteriaId": "0572AA2C-5E33-4612-8BDE-0859690EA089", "versionEndExcluding": "7.64.0", "versionStartIncluding": "7.36.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0E976A9-6253-4DF5-9370-471D0469B395", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "626EEBF4-73B9-44B3-BF55-50EC9139EF66", "versionEndIncluding": "2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FCB6C17-33AC-4E5E-8633-7490058CA51F", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6A53E3C-3E09-4100-8D5A-10AD4973C230", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds." }, { "lang": "es", "value": "Libcurl, desde la versi\u00f3n 7.36.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria din\u00e1mica (heap) fuera de l\u00edmites. La funci\u00f3n que gestiona los mensajes entrantes NTLM de tipo 2 (\"lib/vauth/ntlm.c:ntlm_decode_type2_target\") no valida los datos entrantes correctamente y est\u00e1 sujeta a una vulnerabilidad de desbordamiento de enteros. Mediante ese desbordamiento, un servidor NTLM malicioso o roto podr\u00eda enga\u00f1ar a libcurl para que acepte una mala combinaci\u00f3n de longitud + desplazamiento que conducir\u00eda a una lectura del b\u00fafer fuera de l\u00edmites." } ], "id": "CVE-2018-16890", "lastModified": "2024-11-21T03:53:32.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-06T20:29:00.243", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106947" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3701" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://curl.haxx.se/docs/CVE-2018-16890.html" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190315-0001/" }, { "source": "secalert@redhat.com", "url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3882-1/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4386" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://curl.haxx.se/docs/CVE-2018-16890.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190315-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3882-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-18 01:07
Modified
2024-11-21 00:18
Severity ?
Summary
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | collaboration_suite | 9.0.4.2 | |
oracle | e-business_suite | 11.5.10.2 | |
oracle | http_server | 9.2.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:collaboration_suite:9.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8548B5B0-F465-4424-A316-50FDDE450A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "80B61990-9CC2-4215-9879-AC817F4E6767", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:9.2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B0BF041B-FD41-4EBD-87EC-7C23C195EF83", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05." }, { "lang": "es", "value": "Vulnerabilidad no especifica en Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, y Oracle E-Business Suite y Applications 11.5.10CU2 tiene impacto y vectores de ataque remotos relacionados con HTTPS y SSL, tambi\u00e9n conocido como Vuln# OHS05." } ], "id": "CVE-2006-5348", "lastModified": "2024-11-21T00:18:51.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-18T01:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22396" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017077" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" }, { "source": "cve@mitre.org", "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/20588" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/20588" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4065" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_crypto-c-micro-edition | * | |
dell | bsafe_micro-edition-suite | * | |
oracle | database | 12.1.0.2 | |
oracle | database | 19c | |
oracle | database | 21c | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | security_service | 12.2.1.3.0 | |
oracle | security_service | 12.2.1.4.0 | |
oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", "versionEndExcluding": "4.1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "84735DD4-8297-4476-9013-967E9E323D9F", "versionEndExcluding": "4.5.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", "matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability." }, { "lang": "es", "value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5.2, contienen una vulnerabilidad de Comprobaci\u00f3n de Entrada Inapropiada" } ], "id": "CVE-2020-35169", "lastModified": "2024-11-21T05:26:53.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-11T20:15:08.543", "references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "security_alert@emc.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 06:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
wireshark | wireshark | * | |
wireshark | wireshark | 3.6.0 | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
debian | debian_linux | 9.0 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | zfs_storage_appliance_kit | 8.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "83F60A42-E459-4528-90B6-E44ED732B1B2", "versionEndIncluding": "3.4.10", "versionStartIncluding": "3.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A897845-0C8C-46EA-B65A-C7AE826074F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file" }, { "lang": "es", "value": "Un bucle infinito en BitTorrent DHT dissector en Wireshark versiones 3.6.0 y 3.4.0 a 3.4.10, permite una denegaci\u00f3n de servicio por medio de una inyecci\u00f3n de paquetes o de un archivo de captura dise\u00f1ado.\n" } ], "id": "CVE-2021-4184", "lastModified": "2024-11-21T06:37:05.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:10.307", "references": [ { "source": "cve@gitlab.com", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4184.json" }, { "source": "cve@gitlab.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17754" }, { "source": "cve@gitlab.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "source": "cve@gitlab.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "source": "cve@gitlab.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "source": "cve@gitlab.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" }, { "source": "cve@gitlab.com", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "cve@gitlab.com", "tags": [ "Vendor Advisory" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-18.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4184.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-18.html" } ], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:03
Severity ?
Summary
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
▼ | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Vendor Advisory | |
secalert_us@oracle.com | http://www.securityfocus.com/bid/102565 | Third Party Advisory, VDB Entry | |
secalert_us@oracle.com | http://www.securitytracker.com/id/1040210 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102565 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040210 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | http_server | 11.1.1.7.0 | |
oracle | http_server | 11.1.1.9.0 | |
oracle | http_server | 12.1.3.0.0 | |
oracle | http_server | 12.2.1.2.0 | |
oracle | http_server | 12.2.1.3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "911FBD5E-213D-482F-81A9-C3B8CE7D903A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBD2676F-EE9D-4462-ABA5-C11CE726849C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6505AE29-5091-4C72-AF6B-932DEF53A8D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38A45A86-3B7E-4245-B717-2A6E868BE6BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Oracle HTTP Server de Oracle Fusion Middleware (subcomponente: Web Listener). Las versiones soportadas que se han visto afectadas son la 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 y la 12.2.1.3.0. Esta vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar con acceso en red v\u00eda HTTP comprometa la seguridad de Oracle HTTP Server. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2018-2561", "lastModified": "2024-11-21T04:03:56.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-18T02:29:17.443", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102565" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040210" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-08 01:00
Modified
2024-11-21 01:03
Severity ?
Summary
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | apr-util | * | |
apple | mac_os_x | * | |
suse | linux_enterprise_server | 9 | |
debian | debian_linux | 4.0 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 8.10 | |
canonical | ubuntu_linux | 9.04 | |
fedoraproject | fedora | 9 | |
fedoraproject | fedora | 10 | |
fedoraproject | fedora | 11 | |
oracle | http_server | - | |
apache | http_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*", "matchCriteriaId": "13B90E83-A762-4896-9E77-908FBA4B154A", "versionEndExcluding": "1.3.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "8333C974-DF5B-4098-A766-EB8D875817F5", "versionEndExcluding": "10.6.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", "matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "E290BD43-5AB2-4641-B4AC-BC99FFBF7833", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BBBCFC4-2CFE-42A2-BE6F-2710EB3921A9", "versionEndExcluding": "2.2.12", "versionStartIncluding": "2.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564." }, { "lang": "es", "value": "El parseador XML en el interfaz apr_xml_* en xml/apr_xml.c en Apache APR-util anteriores a v1.3.7 tal y como es utilizado en los m\u00f3dulos mod_dav y mod_dav_svn en el servidor HTTP de Apache, permite a atacantes remotos producir una denegaci\u00f3n de servicio (agotamiento de memoria) a trav\u00e9s de un documento XML manipulado que contiene un gran numero de referencias anidadas, como se demostr\u00f3 en la petici\u00f3n PROPFIND, una vulnerabilidad similar a CVE-2003-1564." } ], "id": "CVE-2009-1955", "lastModified": "2024-11-21T01:03:46.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2009-06-08T01:00:00.687", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "http://marc.info/?l=apr-dev\u0026m=124396021826125\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/34724" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35284" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35360" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35395" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35444" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35487" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35565" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35710" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35797" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35843" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/36473" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/37221" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT3937" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=781403" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0123" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1812" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/03/4" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/506053/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/35253" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-786-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-787-1" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1907" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/8842" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://marc.info/?l=apr-dev\u0026m=124396021826125\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/34724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35395" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35843" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/36473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/37221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT3937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=781403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/03/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/506053/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/35253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-786-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-787-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/8842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-776" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-16 15:15
Modified
2024-11-21 06:11
Severity ?
Summary
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | http_server | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
netapp | cloud_backup | - | |
netapp | clustered_data_ontap | - | |
netapp | storagegrid | - | |
tenable | tenable.sc | * | |
oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 | |
oracle | enterprise_manager_base_platform | 13.4.0.0 | |
oracle | enterprise_manager_base_platform | 13.5.0.0 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | instantis_enterprisetrack | 17.1 | |
oracle | instantis_enterprisetrack | 17.2 | |
oracle | instantis_enterprisetrack | 17.3 | |
oracle | peoplesoft_enterprise_peopletools | 8.58 | |
oracle | zfs_storage_appliance_kit | 8.8 | |
broadcom | brocade_fabric_operating_system_firmware | - | |
siemens | ruggedcom_nms | * | |
siemens | sinec_nms | * | |
siemens | sinema_remote_connect_server | * | |
siemens | sinema_server | 14.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "1691C7CE-5CDA-4B9A-854E-3B58C1115526", "versionEndIncluding": "2.4.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "A686FAF0-1383-4BBB-B7F5-CBCCAB55B356", "versionEndIncluding": "5.19.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:ruggedcom_nms:*:*:*:*:*:*:*:*", "matchCriteriaId": "414A7F48-EFA5-4D86-9F8D-5A179A6CFC39", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*", "matchCriteriaId": "D09241FF-5652-4020-A626-D604134D5020", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "98CC9C9A-FE14-4D50-A8EC-C309229356C8", "versionEndExcluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*", "matchCriteriaId": "B0A5CC25-A323-4D49-8989-5A417D12D646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier." }, { "lang": "es", "value": "Unas peticiones malformadas pueden causar que el servidor haga desreferencia a un puntero NULL. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores" } ], "id": "CVE-2021-34798", "lastModified": "2024-11-21T06:11:13.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-16T15:15:07.267", "references": [ { "source": "security@apache.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4982" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2021-17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2021-17" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-09 23:15
Modified
2024-11-21 06:38
Severity ?
Summary
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
python | python | * | |
python | python | * | |
python | python | * | |
python | python | * | |
python | python | 3.10.0 | |
python | python | 3.10.0 | |
python | python | 3.10.0 | |
python | python | 3.10.0 | |
python | python | 3.10.0 | |
python | python | 3.10.0 | |
netapp | active_iq_unified_manager | - | |
netapp | hci | - | |
netapp | management_services_for_element_software | - | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
netapp | hci_compute_node | - | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | zfs_storage_appliance_kit | 8.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0AA4B12-CF3C-4327-983C-9067D7D97B57", "versionEndExcluding": "3.6.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "63D83236-D590-43D4-82C0-B0C656E02A29", "versionEndExcluding": "3.7.11", "versionStartIncluding": "3.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEAFF8F2-FA7C-4FFA-B592-E37EF28D6B59", "versionEndExcluding": "3.8.11", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "91FD0AF9-B011-4238-8CF1-BDEA0399AF82", "versionEndExcluding": "3.9.5", "versionStartIncluding": "3.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "D3A22303-914F-4EB6-9CCE-EE0D5EDB424B", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.10.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "349F5466-4F47-47FB-B600-55DB4F919E1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.10.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "14EE982A-1DA9-4D34-B748-862DE731BE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.10.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "D0B1D471-35D3-4289-8C74-63C36233C18D", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.10.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "D613BB2D-D583-44CC-9C22-38CE434FDDFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.10.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "2075995B-9D49-4EFE-9743-5ACE0B6DEF62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", "vulnerable": true }, { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like \u0027\\r\u0027 and \u0027\\n\u0027 in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14." }, { "lang": "es", "value": "Se ha encontrado un fallo en Python, concretamente en el m\u00f3dulo urllib.parse. Este m\u00f3dulo ayuda a dividir las cadenas de localizadores de recursos uniformes (URL) en componentes. El problema involucra como el m\u00e9todo urlparse no sanea la entrada y permite caracteres como \"\\r\" y \"\\n\" en la ruta de la URL. Este fallo permite a un atacante introducir una URL dise\u00f1ada, conllevando a ataques de inyecci\u00f3n. Este fallo afecta a Python versiones anteriores a 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 y 3.6.14" } ], "id": "CVE-2022-0391", "lastModified": "2024-11-21T06:38:31.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-09T23:15:16.580", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugs.python.org/issue43882" }, { "source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202305-02" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0009/" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugs.python.org/issue43882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0009/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-20 12:15
Modified
2024-11-21 06:30
Severity ?
Summary
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F280AFE0-EB05-4ABF-85A7-9518AD485C49", "versionEndExcluding": "2.4.52", "versionStartIncluding": "2.4.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "3304C5DC-0353-4AC8-884E-2154C9224BE9", "versionEndExcluding": "5.20.0", "versionStartIncluding": "5.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "161BA9E6-265F-4245-8053-5734333322E5", "versionEndExcluding": "202201.1", "versionStartIncluding": "5.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "02712DD6-D944-4452-8015-000B9851D257", "versionEndExcluding": "9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "274BCA96-2E6A-4B77-B69E-E2093A668D28", "versionEndExcluding": "9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D4B738B-08CF-44F6-A939-39F5BEAF03B2", "versionEndExcluding": "9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "E290BD43-5AB2-4641-B4AC-BC99FFBF7833", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89161D20-EB9C-4EC0-8D82-75B27CE49264", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "matchCriteriaId": "D337EE21-2F00-484D-9285-F2B0248D7A19", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "matchCriteriaId": "012052B5-9AA7-4FD3-9C80-5F615330039D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "matchCriteriaId": "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "matchCriteriaId": "8E974DC6-F7D9-4389-9AF9-863F6E419CE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "matchCriteriaId": "156A6382-2BD3-4882-90B2-8E7CF6659E17", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "matchCriteriaId": "20A2FDB2-6712-406A-9896-C0B44508B07D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", "matchCriteriaId": "49F537A0-DC42-4176-B22F-C80D179DD99D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BD2A211-4E62-40BF-9BA0-5239FA6F0AF8", "versionEndExcluding": "10.15.7", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "09A6345C-D813-43BA-B12E-789C80653F86", "versionEndExcluding": "11.6.6", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "56A8A170-44A7-4334-88B0-CB4413E28E53", "versionEndExcluding": "12.4", "versionStartIncluding": "12.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included)." }, { "lang": "es", "value": "Un URI dise\u00f1ado que es enviado a httpd configurado como proxy directo (ProxyRequests on) puede causar un fallo (desreferencia de puntero NULL) o, en el caso de configuraciones que mezclan declaraciones de proxy directo e inverso, puede permitir que las peticiones se dirijan a un endpoint de socket de dominio Unix declarado (Server Side Request Forgery). Este problema afecta a Apache HTTP Server versiones 2.4.7 hasta 2.4.51 (incluy\u00e9ndola)" } ], "id": "CVE-2021-44224", "lastModified": "2024-11-21T06:30:37.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-20T12:15:07.393", "references": [ { "source": "security@apache.org", "tags": [ "Vendor Advisory" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/20/3" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211224-0001/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213255" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213256" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213257" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5035" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-01" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/20/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211224-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2022-03" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-16 15:15
Modified
2024-11-21 06:13
Severity ?
Summary
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | http_server | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
netapp | cloud_backup | - | |
netapp | clustered_data_ontap | - | |
netapp | storagegrid | - | |
oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 | |
oracle | enterprise_manager_base_platform | 13.4.0.0 | |
oracle | enterprise_manager_base_platform | 13.5.0.0 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | instantis_enterprisetrack | 17.1 | |
oracle | instantis_enterprisetrack | 17.2 | |
oracle | instantis_enterprisetrack | 17.3 | |
oracle | peoplesoft_enterprise_peopletools | 8.58 | |
oracle | zfs_storage_appliance_kit | 8.8 | |
broadcom | brocade_fabric_operating_system_firmware | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C16E260F-1413-466B-9EFA-0196E6B5A0BB", "versionEndIncluding": "2.4.48", "versionStartIncluding": "2.4.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive)." }, { "lang": "es", "value": "Una uri-path de petici\u00f3n cuidadosamente dise\u00f1ada puede causar que la funci\u00f3n mod_proxy_uwsgi lea por encima de la memoria asignada y se bloquee (DoS). Este problema afecta a Apache HTTP Server versiones 2.4.30 a 2.4.48 (incluy\u00e9ndola)" } ], "id": "CVE-2021-36160", "lastModified": "2024-11-21T06:13:13.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-16T15:15:07.330", "references": [ { "source": "security@apache.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3Cbugs.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb%40%3Cbugs.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3%40%3Cbugs.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781%40%3Cbugs.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a%40%3Cbugs.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a%40%3Cbugs.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3E" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4982" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3Cbugs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb%40%3Cbugs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3%40%3Cbugs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781%40%3Cbugs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a%40%3Cbugs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a%40%3Cbugs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | http_server | 8.1.7 | |
oracle | http_server | 9.0.1 | |
oracle | http_server | 9.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:8.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "54FCC402-401B-4830-8181-78E49E1F1F72", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8B72A661-9EAA-4B9B-8865-17C8A29871BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7485BFF1-6863-4165-BE36-D656F39CF5EF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request." } ], "id": "CVE-2004-2115", "lastModified": "2024-11-20T23:52:31.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107496560106967\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9484" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107496560106967\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14930" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-18 05:15
Modified
2024-11-21 06:51
Severity ?
Summary
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libexpat_project | libexpat | * | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
oracle | http_server | 12.2.1.3.0 | |
oracle | http_server | 12.2.1.4.0 | |
oracle | zfs_storage_appliance_kit | 8.8 | |
siemens | sinema_remote_connect_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "matchCriteriaId": "00DE2EDB-AEA7-4BA2-9588-A6C05BE661E4", "versionEndExcluding": "2.4.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "98CC9C9A-FE14-4D50-A8EC-C309229356C8", "versionEndExcluding": "3.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames." }, { "lang": "es", "value": "En Expat (tambi\u00e9n se conoce como libexpat) versiones anteriores a 2.4.5, se presenta un desbordamiento de enteros en storeRawNames" } ], "id": "CVE-2022-25315", "lastModified": "2024-11-21T06:51:59.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-18T05:15:08.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/libexpat/libexpat/pull/559" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/libexpat/libexpat/pull/559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-04-01 02:00
Modified
2024-11-21 02:28
Severity ?
Summary
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
References