Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2014-AVI-244
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Solaris 8", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Solaris 11.1", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Solaris 9", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Solaris 10", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2013-4286", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4286" }, { "name": "CVE-2013-0200", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0200" }, { "name": "CVE-2013-4590", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4590" }, { "name": "CVE-2013-6712", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6712" }, { "name": "CVE-2013-6420", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6420" }, { "name": "CVE-2013-1571", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1571" }, { "name": "CVE-2012-4037", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4037" }, { "name": "CVE-2006-4810", "url": "https://www.cve.org/CVERecord?id=CVE-2006-4810" }, { "name": "CVE-2013-4242", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4242" }, { "name": "CVE-2010-0205", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0205" }, { "name": "CVE-2010-2249", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2249" }, { "name": "CVE-2013-4248", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4248" }, { "name": "CVE-2014-0098", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0098" }, { "name": "CVE-2010-1205", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205" }, { "name": "CVE-2014-1943", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1943" }, { "name": "CVE-2014-2281", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2281" }, { "name": "CVE-2013-4496", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4496" }, { "name": "CVE-2013-4322", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4322" }, { "name": "CVE-2013-5211", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5211" }, { "name": "CVE-2014-0033", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0033" }, { "name": "CVE-2014-0591", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0591" }, { "name": "CVE-2012-3544", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3544" }, { "name": "CVE-2014-2283", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2283" }, { "name": "CVE-2013-6438", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6438" }, { "name": "CVE-2014-2270", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2270" }, { "name": "CVE-2013-4238", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4238" }, { "name": "CVE-2014-1912", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1912" }, { "name": "CVE-2014-2282", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2282" } ], "initial_release_date": "2014-05-27T00:00:00", "last_revision_date": "2014-05-27T00:00:00", "links": [], "reference": "CERTFR-2014-AVI-244", "revisions": [ { "description": "version initiale.", "revision_date": "2014-05-27T00:00:00.000000" } ], "risks": [ { "description": "Injection de code indirecte \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "D\u00e9ni de service" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de\nservice \u00e0 distance.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 22 mai 2014", "url": "http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html" } ] }
CVE-2013-4322 (GCVE-0-2013-4322)
Vulnerability from cvelistv5
Published
2014-02-26 11:00
Modified
2024-08-06 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.901Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549522" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "RHSA-2014:0686", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0686.html" }, { "name": "MDVSA-2015:052", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549523" }, { "name": "59724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59724" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069905" }, { "name": "MDVSA-2015:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" }, { "name": "DSA-3530", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-7.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-8.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "name": "59722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59722" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "name": "59675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59675" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "USN-2130-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "name": "59873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59873" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1556540" }, { "name": "HPSBOV03503", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "65767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65767" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521834" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521864" }, { "name": "59036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:09:40", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549522" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "RHSA-2014:0686", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0686.html" }, { "name": "MDVSA-2015:052", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549523" }, { "name": "59724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59724" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069905" }, { "name": "MDVSA-2015:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" }, { "name": "DSA-3530", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-7.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-8.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "name": "59722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59722" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "name": "59675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59675" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "USN-2130-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "name": "59873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59873" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1556540" }, { "name": "HPSBOV03503", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "65767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65767" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521834" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521864" }, { "name": "59036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4322", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549522", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549522" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "RHSA-2014:0686", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0686.html" }, { "name": "MDVSA-2015:052", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549523", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549523" }, { "name": "59724", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59724" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069905", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069905" }, { "name": "MDVSA-2015:084", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" }, { "name": "DSA-3530", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3530" }, { "name": "http://tomcat.apache.org/security-7.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-7.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113" }, { "name": "http://tomcat.apache.org/security-8.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-8.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "name": "http://advisories.mageia.org/MGASA-2014-0148.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "name": "59722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59722" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "name": "59675", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59675" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "USN-2130-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "name": "59873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59873" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1556540", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1556540" }, { "name": "HPSBOV03503", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "65767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65767" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521834", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521834" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521864", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521864" }, { "name": "59036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4322", "datePublished": "2014-02-26T11:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4286 (GCVE-0-2013-4286)
Vulnerability from cvelistv5
Published
2014-02-26 11:00
Modified
2024-08-06 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2014:0345", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0345.html" }, { "name": "59733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59733" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "RHSA-2014:0686", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0686.html" }, { "name": "MDVSA-2015:052", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "name": "59724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59724" }, { "name": "DSA-3530", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-7.html" }, { "name": "57675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57675" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "RHSA-2014:0344", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0344.html" }, { "name": "HPSBUX03150", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-8.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "name": "59722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59722" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "name": "59675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59675" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "USN-2130-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "name": "59873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59873" }, { "name": "RHSA-2014:0343", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0343.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521854" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069921" }, { "name": "HPSBOV03503", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1552565" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521829" }, { "name": "65773", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65773" }, { "name": "59036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request\u0027s length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a \"Transfer-Encoding: chunked\" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:09:50", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2014:0345", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0345.html" }, { "name": "59733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59733" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "RHSA-2014:0686", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0686.html" }, { "name": "MDVSA-2015:052", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "name": "59724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59724" }, { "name": "DSA-3530", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-7.html" }, { "name": "57675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57675" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "RHSA-2014:0344", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0344.html" }, { "name": "HPSBUX03150", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-8.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "name": "59722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59722" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "name": "59675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59675" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "USN-2130-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "name": "59873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59873" }, { "name": "RHSA-2014:0343", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0343.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521854" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069921" }, { "name": "HPSBOV03503", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1552565" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521829" }, { "name": "65773", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65773" }, { "name": "59036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4286", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request\u0027s length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a \"Transfer-Encoding: chunked\" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2014:0345", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0345.html" }, { "name": "59733", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59733" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "RHSA-2014:0686", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0686.html" }, { "name": "MDVSA-2015:052", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "name": "59724", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59724" }, { "name": "DSA-3530", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3530" }, { "name": "http://tomcat.apache.org/security-7.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-7.html" }, { "name": "57675", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57675" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "RHSA-2014:0344", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0344.html" }, { "name": "HPSBUX03150", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113" }, { "name": "http://tomcat.apache.org/security-8.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-8.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "name": "http://advisories.mageia.org/MGASA-2014-0148.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "name": "59722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59722" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "name": "59675", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59675" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "USN-2130-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "name": "59873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59873" }, { "name": "RHSA-2014:0343", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0343.html" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521854", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521854" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069921", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069921" }, { "name": "HPSBOV03503", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1552565", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1552565" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521829", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1521829" }, { "name": "65773", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65773" }, { "name": "59036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4286", "datePublished": "2014-02-26T11:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.900Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1912 (GCVE-0-2014-1912)
Vulnerability from cvelistv5
Published
2014-02-28 18:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:58:16.132Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.python.org/cpython/rev/87673659d8f7" }, { "name": "openSUSE-SU-2014:0518", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html" }, { "name": "openSUSE-SU-2014:0597", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html" }, { "name": "RHSA-2015:1064", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1064.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pastebin.com/raw.php?i=GHXSmNEg" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.python.org/issue20246" }, { "name": "DSA-2880", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2880" }, { "name": "GLSA-201503-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201503-10" }, { "name": "65379", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65379" }, { "name": "[oss-security] 20140212 Re: CVE request? buffer overflow in socket.recvfrom_into", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/02/12/16" }, { "name": "APPLE-SA-2015-08-13-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "name": "RHSA-2015:1330", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1330.html" }, { "name": "31875", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/31875" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT205031" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "USN-2125-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2125-1" }, { "name": "1029831", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029831" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.python.org/cpython/rev/87673659d8f7" }, { "name": "openSUSE-SU-2014:0518", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html" }, { "name": "openSUSE-SU-2014:0597", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html" }, { "name": "RHSA-2015:1064", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1064.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://pastebin.com/raw.php?i=GHXSmNEg" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.python.org/issue20246" }, { "name": "DSA-2880", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2880" }, { "name": "GLSA-201503-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201503-10" }, { "name": "65379", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65379" }, { "name": "[oss-security] 20140212 Re: CVE request? buffer overflow in socket.recvfrom_into", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/02/12/16" }, { "name": "APPLE-SA-2015-08-13-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "name": "RHSA-2015:1330", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1330.html" }, { "name": "31875", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/31875" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT205031" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "USN-2125-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2125-1" }, { "name": "1029831", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029831" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://hg.python.org/cpython/rev/87673659d8f7", "refsource": "CONFIRM", "url": "http://hg.python.org/cpython/rev/87673659d8f7" }, { "name": "openSUSE-SU-2014:0518", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html" }, { "name": "openSUSE-SU-2014:0597", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html" }, { "name": "RHSA-2015:1064", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1064.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "http://pastebin.com/raw.php?i=GHXSmNEg", "refsource": "MISC", "url": "http://pastebin.com/raw.php?i=GHXSmNEg" }, { "name": "http://bugs.python.org/issue20246", "refsource": "CONFIRM", "url": "http://bugs.python.org/issue20246" }, { "name": "DSA-2880", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2880" }, { "name": "GLSA-201503-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201503-10" }, { "name": "65379", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65379" }, { "name": "[oss-security] 20140212 Re: CVE request? buffer overflow in socket.recvfrom_into", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/02/12/16" }, { "name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "name": "RHSA-2015:1330", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1330.html" }, { "name": "31875", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/31875" }, { "name": "https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/", "refsource": "MISC", "url": "https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/" }, { "name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205031" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "USN-2125-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2125-1" }, { "name": "1029831", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029831" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1912", "datePublished": "2014-02-28T18:00:00", "dateReserved": "2014-02-07T00:00:00", "dateUpdated": "2024-08-06T09:58:16.132Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4248 (GCVE-0-2013-4248)
Vulnerability from cvelistv5
Published
2013-08-18 01:00
Modified
2024-08-06 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "54657", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54657" }, { "name": "DSA-2742", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2742" }, { "name": "openSUSE-SU-2013:1964", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" }, { "name": "61776", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/61776" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2874696a5a8d46639d261571f915c493cd875897" }, { "name": "59652", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59652" }, { "name": "55078", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55078" }, { "name": "HPSBUX03150", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT6150" }, { "name": "USN-1937-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1937-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "54478", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54478" }, { "name": "RHSA-2013:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html" }, { "name": "1028924", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028924" }, { "name": "openSUSE-SU-2013:1963", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" }, { "name": "RHSA-2013:1615", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "54657", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54657" }, { "name": "DSA-2742", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2742" }, { "name": "openSUSE-SU-2013:1964", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" }, { "name": "61776", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/61776" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2874696a5a8d46639d261571f915c493cd875897" }, { "name": "59652", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59652" }, { "name": "55078", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55078" }, { "name": "HPSBUX03150", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6150" }, { "name": "USN-1937-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1937-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "54478", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54478" }, { "name": "RHSA-2013:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html" }, { "name": "1028924", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1028924" }, { "name": "openSUSE-SU-2013:1963", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" }, { "name": "RHSA-2013:1615", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4248", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "54657", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54657" }, { "name": "DSA-2742", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2742" }, { "name": "openSUSE-SU-2013:1964", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" }, { "name": "61776", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61776" }, { "name": "http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897", "refsource": "CONFIRM", "url": "http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897" }, { "name": "59652", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59652" }, { "name": "55078", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55078" }, { "name": "HPSBUX03150", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "name": "http://support.apple.com/kb/HT6150", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6150" }, { "name": "USN-1937-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1937-1" }, { "name": "http://www.php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "54478", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54478" }, { "name": "RHSA-2013:1307", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html" }, { "name": "1028924", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028924" }, { "name": "openSUSE-SU-2013:1963", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" }, { "name": "RHSA-2013:1615", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4248", "datePublished": "2013-08-18T01:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2270 (GCVE-0-2014-2270)
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:06:00.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2163-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2163-1" }, { "name": "[oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q1/504" }, { "name": "USN-2162-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2162-1" }, { "name": "[oss-security] 20140303 CVE Request: file: crashes when checking softmagic for some corrupt PE executables", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q1/473" }, { "name": "openSUSE-SU-2014:0367", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gw.com/view.php?id=313" }, { "name": "[oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q1/505" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "openSUSE-SU-2014:0364", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT6443" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "GLSA-201503-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201503-08" }, { "name": "openSUSE-SU-2014:0435", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html" }, { "name": "DSA-2873", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2873" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "USN-2163-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2163-1" }, { "name": "[oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q1/504" }, { "name": "USN-2162-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2162-1" }, { "name": "[oss-security] 20140303 CVE Request: file: crashes when checking softmagic for some corrupt PE executables", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q1/473" }, { "name": "openSUSE-SU-2014:0367", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gw.com/view.php?id=313" }, { "name": "[oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q1/505" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "openSUSE-SU-2014:0364", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6443" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "GLSA-201503-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201503-08" }, { "name": "openSUSE-SU-2014:0435", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html" }, { "name": "DSA-2873", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2873" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-2270", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2163-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2163-1" }, { "name": "[oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q1/504" }, { "name": "USN-2162-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2162-1" }, { "name": "[oss-security] 20140303 CVE Request: file: crashes when checking softmagic for some corrupt PE executables", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q1/473" }, { "name": "openSUSE-SU-2014:0367", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html" }, { "name": "http://bugs.gw.com/view.php?id=313", "refsource": "CONFIRM", "url": "http://bugs.gw.com/view.php?id=313" }, { "name": "[oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q1/505" }, { "name": "http://www.php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "openSUSE-SU-2014:0364", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html" }, { "name": "http://support.apple.com/kb/HT6443", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6443" }, { "name": "https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801" }, { "name": "RHSA-2014:1765", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "GLSA-201503-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201503-08" }, { "name": "openSUSE-SU-2014:0435", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html" }, { "name": "DSA-2873", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2873" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-2270", "datePublished": "2014-03-14T15:00:00", "dateReserved": "2014-03-04T00:00:00", "dateUpdated": "2024-08-06T10:06:00.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-6438 (GCVE-0-2013-6438)
Vulnerability from cvelistv5
Published
2014-03-18 01:00
Modified
2024-08-06 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2013-6438" }, { "name": "59315", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59315" }, { "name": "58230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58230" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0135.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "name": "GLSA-201408-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201408-12.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718\u0026r2=1556428\u0026diff_format=h" }, { "name": "60536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60536" }, { "name": "66303", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66303" }, { "name": "HPSBUX03102", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBUX03150", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "name": "APPLE-SA-2014-10-16-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" }, { "name": "59345", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59345" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT6535" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c" }, { "name": "SSRT101681", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "name": "USN-2152-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2152-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:11:56", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2013-6438" }, { "name": "59315", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59315" }, { "name": "58230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58230" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0135.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "name": "GLSA-201408-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201408-12.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718\u0026r2=1556428\u0026diff_format=h" }, { "name": "60536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60536" }, { "name": "66303", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66303" }, { "name": "HPSBUX03102", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBUX03150", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "name": "APPLE-SA-2014-10-16-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" }, { "name": "59345", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59345" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT6535" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c" }, { "name": "SSRT101681", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "name": "USN-2152-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2152-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6438", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1" }, { "name": "https://puppet.com/security/cve/cve-2013-6438", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2013-6438" }, { "name": "59315", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59315" }, { "name": "58230", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58230" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659" }, { "name": "http://advisories.mageia.org/MGASA-2014-0135.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0135.html" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "name": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES", "refsource": "CONFIRM", "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "name": "GLSA-201408-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201408-12.xml" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718\u0026r2=1556428\u0026diff_format=h", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718\u0026r2=1556428\u0026diff_format=h" }, { "name": "60536", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60536" }, { "name": "66303", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66303" }, { "name": "HPSBUX03102", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBUX03150", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "name": "APPLE-SA-2014-10-16-1", "refsource": "APPLE", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" }, { "name": "59345", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59345" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "https://support.apple.com/kb/HT6535", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT6535" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c" }, { "name": "SSRT101681", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "name": "USN-2152-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2152-1" }, { "name": "http://www.apache.org/dist/httpd/CHANGES_2.4.9", "refsource": "CONFIRM", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.9" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6438", "datePublished": "2014-03-18T01:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2282 (GCVE-0-2014-2282)
Vulnerability from cvelistv5
Published
2014-03-11 01:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:06:00.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57480" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.wireshark.org/security/wnpa-sec-2014-02.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608\u0026r2=51607\u0026pathrev=51608" }, { "name": "openSUSE-SU-2014:0382", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" }, { "name": "1029907", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029907" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=51608" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-05-14T16:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "57480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57480" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.wireshark.org/security/wnpa-sec-2014-02.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608\u0026r2=51607\u0026pathrev=51608" }, { "name": "openSUSE-SU-2014:0382", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" }, { "name": "1029907", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029907" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=51608" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2282", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57480" }, { "name": "http://www.wireshark.org/security/wnpa-sec-2014-02.html", "refsource": "CONFIRM", "url": "http://www.wireshark.org/security/wnpa-sec-2014-02.html" }, { "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608\u0026r2=51607\u0026pathrev=51608", "refsource": "CONFIRM", "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608\u0026r2=51607\u0026pathrev=51608" }, { "name": "openSUSE-SU-2014:0382", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" }, { "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" }, { "name": "1029907", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029907" }, { "name": "http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=51608", "refsource": "CONFIRM", "url": "http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=51608" }, { "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2282", "datePublished": "2014-03-11T01:00:00", "dateReserved": "2014-03-05T00:00:00", "dateUpdated": "2024-08-06T10:06:00.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4590 (GCVE-0-2013-4590)
Vulnerability from cvelistv5
Published
2014-02-26 11:00
Modified
2024-08-06 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:15.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" }, { "name": "MDVSA-2015:052", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "name": "59724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59724" }, { "name": "MDVSA-2015:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" }, { "name": "DSA-3530", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-7.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-8.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549528" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069911" }, { "name": "59722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59722" }, { "name": "65768", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65768" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "name": "59873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59873" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1558828" }, { "name": "HPSBOV03503", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549529" }, { "name": "59036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain \"Tomcat internals\" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:10:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" }, { "name": "MDVSA-2015:052", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "name": "59724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59724" }, { "name": "MDVSA-2015:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" }, { "name": "DSA-3530", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-7.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-8.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549528" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069911" }, { "name": "59722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59722" }, { "name": "65768", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65768" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "name": "59873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59873" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1558828" }, { "name": "HPSBOV03503", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549529" }, { "name": "59036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4590", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain \"Tomcat internals\" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" }, { "name": "MDVSA-2015:052", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "name": "59724", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59724" }, { "name": "MDVSA-2015:084", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" }, { "name": "DSA-3530", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3530" }, { "name": "http://tomcat.apache.org/security-7.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-7.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "http://tomcat.apache.org/security-8.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-8.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549528", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549528" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "name": "http://advisories.mageia.org/MGASA-2014-0148.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0148.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069911", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069911" }, { "name": "59722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59722" }, { "name": "65768", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65768" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "name": "59873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59873" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1558828", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1558828" }, { "name": "HPSBOV03503", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549529", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1549529" }, { "name": "59036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4590", "datePublished": "2014-02-26T11:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:15.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2283 (GCVE-0-2014-2283)
Vulnerability from cvelistv5
Published
2014-03-11 01:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:06:00.273Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57489", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57489" }, { "name": "57480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57480" }, { "name": "openSUSE-SU-2014:0382", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=217293ba4a0353bf5d657e74fe8623dd3c86fe08" }, { "name": "1029907", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029907" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802" }, { "name": "openSUSE-SU-2014:0383", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" }, { "name": "DSA-2871", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2871" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730" }, { "name": "RHSA-2014:0342", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0342.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.wireshark.org/security/wnpa-sec-2014-03.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-07T00:00:00", "descriptions": [ { "lang": "en", "value": "epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-05-14T16:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "57489", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57489" }, { "name": "57480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57480" }, { "name": "openSUSE-SU-2014:0382", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=217293ba4a0353bf5d657e74fe8623dd3c86fe08" }, { "name": "1029907", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029907" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802" }, { "name": "openSUSE-SU-2014:0383", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" }, { "name": "DSA-2871", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2871" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730" }, { "name": "RHSA-2014:0342", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0342.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.wireshark.org/security/wnpa-sec-2014-03.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2283", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57489", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57489" }, { "name": "57480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57480" }, { "name": "openSUSE-SU-2014:0382", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" }, { "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" }, { "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=217293ba4a0353bf5d657e74fe8623dd3c86fe08", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=217293ba4a0353bf5d657e74fe8623dd3c86fe08" }, { "name": "1029907", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029907" }, { "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802" }, { "name": "openSUSE-SU-2014:0383", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" }, { "name": "DSA-2871", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2871" }, { "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730" }, { "name": "RHSA-2014:0342", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0342.html" }, { "name": "http://www.wireshark.org/security/wnpa-sec-2014-03.html", "refsource": "CONFIRM", "url": "http://www.wireshark.org/security/wnpa-sec-2014-03.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2283", "datePublished": "2014-03-11T01:00:00", "dateReserved": "2014-03-05T00:00:00", "dateUpdated": "2024-08-06T10:06:00.273Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-2249 (GCVE-0-2010-2249)
Vulnerability from cvelistv5
Published
2010-06-30 18:00
Modified
2024-08-07 02:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:25:07.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20" }, { "name": "MDVSA-2010:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "41174", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/41174" }, { "name": "ADV-2010-1877", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "name": "ADV-2010-3045", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "1024723", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024723" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4435" }, { "name": "ADV-2010-1837", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-1755", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "name": "ADV-2010-3046", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "40472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40472" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4566" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608644" }, { "name": "40302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40302" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "40336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40336" }, { "name": "libpng-scal-dos(59816)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59816" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41574" }, { "name": "USN-960-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "APPLE-SA-2011-03-02-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "name": "42317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42317" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "name": "DSA-2072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "name": "40547", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40547" }, { "name": "42314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42314" }, { "name": "ADV-2010-1637", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4554" }, { "name": "SUSE-SR:2010:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "name": "APPLE-SA-2011-03-09-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "name": "SSA:2010-180-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "name": "FEDORA-2010-10833", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4456" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "name": "ADV-2010-1846", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "name": "APPLE-SA-2010-11-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "name": "ADV-2010-1612", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1612" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20" }, { "name": "MDVSA-2010:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "41174", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/41174" }, { "name": "ADV-2010-1877", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "name": "ADV-2010-3045", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "1024723", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024723" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4435" }, { "name": "ADV-2010-1837", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-1755", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "name": "ADV-2010-3046", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "40472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40472" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4566" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608644" }, { "name": "40302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40302" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "40336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40336" }, { "name": "libpng-scal-dos(59816)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59816" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41574" }, { "name": "USN-960-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "APPLE-SA-2011-03-02-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "name": "42317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42317" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "name": "DSA-2072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "name": "40547", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40547" }, { "name": "42314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42314" }, { "name": "ADV-2010-1637", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4554" }, { "name": "SUSE-SR:2010:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "name": "APPLE-SA-2011-03-09-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "name": "SSA:2010-180-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "name": "FEDORA-2010-10833", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4456" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "name": "ADV-2010-1846", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "name": "APPLE-SA-2010-11-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "name": "ADV-2010-1612", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1612" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2249", "datePublished": "2010-06-30T18:00:00", "dateReserved": "2010-06-09T00:00:00", "dateUpdated": "2024-08-07T02:25:07.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-6712 (GCVE-0-2013-6712)
Vulnerability from cvelistv5
Published
2013-11-28 02:00
Modified
2024-08-06 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
References
URL | Tags | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:46:22.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2816", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2816" }, { "name": "HPSBMU03112", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "name": "openSUSE-SU-2013:1964", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=12fe4e90be7bfa2a763197079f68f5568a14e071" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "openSUSE-SU-2013:1963", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "SSRT101447", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "name": "USN-2055-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2055-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.php.net/bug.php?id=66060" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-08T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-2816", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2816" }, { "name": "HPSBMU03112", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "name": "openSUSE-SU-2013:1964", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=12fe4e90be7bfa2a763197079f68f5568a14e071" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "openSUSE-SU-2013:1963", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "SSRT101447", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "name": "USN-2055-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2055-1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.php.net/bug.php?id=66060" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6712", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2816", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2816" }, { "name": "HPSBMU03112", "refsource": "HP", "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659" }, { "name": "openSUSE-SU-2013:1964", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" }, { "name": "http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071", "refsource": "CONFIRM", "url": "http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "openSUSE-SU-2013:1963", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" }, { "name": "RHSA-2014:1765", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "SSRT101447", "refsource": "HP", "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "name": "USN-2055-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2055-1" }, { "name": "https://bugs.php.net/bug.php?id=66060", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=66060" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6712", "datePublished": "2013-11-28T02:00:00", "dateReserved": "2013-11-08T00:00:00", "dateUpdated": "2024-08-06T17:46:22.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1205 (GCVE-0-2010-1205)
Vulnerability from cvelistv5
Published
2010-06-30 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:06.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2010:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "41174", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/41174" }, { "name": "ADV-2010-1877", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" }, { "name": "ADV-2010-3045", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "libpng-rowdata-bo(59815)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4435" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html" }, { "name": "oval:org.mitre.oval:def:11851", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851" }, { "name": "ADV-2010-1837", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-1755", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "name": "ADV-2010-3046", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "40472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40472" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4566" }, { "name": "40302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40302" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "40336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40336" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41574" }, { "name": "USN-960-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blackberry.com/btsc/KB27244" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "APPLE-SA-2010-08-24-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" }, { "name": "APPLE-SA-2011-03-02-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "name": "42317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42317" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "name": "DSA-2072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4312" }, { "name": "40547", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40547" }, { "name": "42314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42314" }, { "name": "ADV-2010-1637", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4554" }, { "name": "SUSE-SR:2010:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "name": "APPLE-SA-2011-03-09-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "name": "SSA:2010-180-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "name": "FEDORA-2010-10833", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.webkit.org/show_bug.cgi?id=40798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4456" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.webkit.org/changeset/61816" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/chromium/issues/detail?id=45983" }, { "name": "ADV-2010-1846", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "name": "APPLE-SA-2010-11-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "name": "ADV-2010-1612", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1612" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2010:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "41174", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/41174" }, { "name": "ADV-2010-1877", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" }, { "name": "ADV-2010-3045", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "libpng-rowdata-bo(59815)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4435" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html" }, { "name": "oval:org.mitre.oval:def:11851", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851" }, { "name": "ADV-2010-1837", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-1755", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "name": "ADV-2010-3046", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "40472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40472" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4566" }, { "name": "40302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40302" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "40336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40336" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41574" }, { "name": "USN-960-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blackberry.com/btsc/KB27244" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "APPLE-SA-2010-08-24-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" }, { "name": "APPLE-SA-2011-03-02-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "name": "42317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42317" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "name": "DSA-2072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4312" }, { "name": "40547", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40547" }, { "name": "42314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42314" }, { "name": "ADV-2010-1637", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4554" }, { "name": "SUSE-SR:2010:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "name": "APPLE-SA-2011-03-09-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "name": "SSA:2010-180-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "name": "FEDORA-2010-10833", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.webkit.org/show_bug.cgi?id=40798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4456" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.webkit.org/changeset/61816" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/chromium/issues/detail?id=45983" }, { "name": "ADV-2010-1846", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "name": "APPLE-SA-2010-11-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "name": "ADV-2010-1612", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1612" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1205", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2010:133", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "41174", "refsource": "BID", "url": "http://www.securityfocus.com/bid/41174" }, { "name": "ADV-2010-1877", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "name": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" }, { "name": "ADV-2010-3045", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "libpng-rowdata-bo(59815)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815" }, { "name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435" }, { "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html" }, { "name": "oval:org.mitre.oval:def:11851", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851" }, { "name": "ADV-2010-1837", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451" }, { "name": "http://support.apple.com/kb/HT4457", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-1755", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "name": "ADV-2010-3046", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "40472", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40472" }, { "name": "http://support.apple.com/kb/HT4566", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4566" }, { "name": "40302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40302" }, { "name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "40336", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40336" }, { "name": "41574", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41574" }, { "name": "USN-960-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "name": "http://blackberry.com/btsc/KB27244", "refsource": "CONFIRM", "url": "http://blackberry.com/btsc/KB27244" }, { "name": "http://www.libpng.org/pub/png/libpng.html", "refsource": "CONFIRM", "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "APPLE-SA-2010-08-24-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" }, { "name": "APPLE-SA-2011-03-02-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "name": "42317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42317" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-10823", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "name": "DSA-2072", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2072" }, { "name": "http://support.apple.com/kb/HT4312", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4312" }, { "name": "40547", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40547" }, { "name": "42314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42314" }, { "name": "ADV-2010-1637", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "name": "http://support.apple.com/kb/HT4554", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4554" }, { "name": "SUSE-SR:2010:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "name": "APPLE-SA-2011-03-09-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "name": "SSA:2010-180-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "name": "FEDORA-2010-10833", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "name": "https://bugs.webkit.org/show_bug.cgi?id=40798", "refsource": "CONFIRM", "url": "https://bugs.webkit.org/show_bug.cgi?id=40798" }, { "name": "http://support.apple.com/kb/HT4456", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4456" }, { "name": "ADV-2010-2491", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "name": "http://trac.webkit.org/changeset/61816", "refsource": "CONFIRM", "url": "http://trac.webkit.org/changeset/61816" }, { "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18", "refsource": "CONFIRM", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18" }, { "name": "http://code.google.com/p/chromium/issues/detail?id=45983", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=45983" }, { "name": "ADV-2010-1846", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608238", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "name": "APPLE-SA-2010-11-22-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "name": "ADV-2010-1612", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1612" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1205", "datePublished": "2010-06-30T18:00:00", "dateReserved": "2010-03-30T00:00:00", "dateUpdated": "2024-08-07T01:14:06.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2281 (GCVE-0-2014-2281)
Vulnerability from cvelistv5
Published
2014-03-11 01:00
Modified
2024-08-06 10:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:05:59.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57489", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57489" }, { "name": "RHSA-2014:0341", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672" }, { "name": "57480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57480" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.wireshark.org/security/wnpa-sec-2014-01.html" }, { "name": "openSUSE-SU-2014:0382", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" }, { "name": "1029907", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029907" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=54875" }, { "name": "openSUSE-SU-2014:0383", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" }, { "name": "DSA-2871", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2871" }, { "name": "RHSA-2014:0342", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0342.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875\u0026r2=54874\u0026pathrev=54875" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-05-14T16:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "57489", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57489" }, { "name": "RHSA-2014:0341", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672" }, { "name": "57480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57480" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.wireshark.org/security/wnpa-sec-2014-01.html" }, { "name": "openSUSE-SU-2014:0382", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" }, { "name": "1029907", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029907" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=54875" }, { "name": "openSUSE-SU-2014:0383", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" }, { "name": "DSA-2871", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2871" }, { "name": "RHSA-2014:0342", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0342.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875\u0026r2=54874\u0026pathrev=54875" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2281", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57489", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57489" }, { "name": "RHSA-2014:0341", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html" }, { "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672" }, { "name": "57480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57480" }, { "name": "http://www.wireshark.org/security/wnpa-sec-2014-01.html", "refsource": "CONFIRM", "url": "http://www.wireshark.org/security/wnpa-sec-2014-01.html" }, { "name": "openSUSE-SU-2014:0382", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" }, { "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" }, { "name": "1029907", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029907" }, { "name": "http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=54875", "refsource": "CONFIRM", "url": "http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=54875" }, { "name": "openSUSE-SU-2014:0383", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" }, { "name": "DSA-2871", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2871" }, { "name": "RHSA-2014:0342", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0342.html" }, { "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875\u0026r2=54874\u0026pathrev=54875", "refsource": "CONFIRM", "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875\u0026r2=54874\u0026pathrev=54875" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2281", "datePublished": "2014-03-11T01:00:00", "dateReserved": "2014-03-05T00:00:00", "dateUpdated": "2024-08-06T10:05:59.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0591 (GCVE-0-2014-0591)
Vulnerability from cvelistv5
Published
2014-01-14 02:00
Modified
2024-08-06 09:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:20:19.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1029589", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029589" }, { "name": "RHSA-2014:0043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0043.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051717" }, { "name": "DSA-3023", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3023" }, { "name": "MDVSA-2014:002", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:002" }, { "name": "APPLE-SA-2014-10-16-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" }, { "name": "56574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56574" }, { "name": "openSUSE-SU-2014:0199", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00016.html" }, { "name": "56522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56522" }, { "name": "FEDORA-2014-0858", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126761.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-1244" }, { "name": "56442", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56442" }, { "name": "SSA:2014-028-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.524465" }, { "name": "61199", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61199" }, { "name": "SUSE-SU-2015:0480", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html" }, { "name": "HPSBUX02961", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=138995561732658\u0026w=2" }, { "name": "56427", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56427" }, { "name": "56871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56871" }, { "name": "SSA:2014-175-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.518391" }, { "name": "openSUSE-SU-2014:0202", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00019.html" }, { "name": "56425", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56425" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-01085" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT6536" }, { "name": "56493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56493" }, { "name": "FEDORA-2014-0811", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126772.html" }, { "name": "FreeBSD-SA-14:04", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc" }, { "name": "SSRT101420", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=138995561732658\u0026w=2" }, { "name": "101973", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/101973" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/article/AA-01078" }, { "name": "61343", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61343" }, { "name": "61117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61117" }, { "name": "64801", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64801" }, { "name": "USN-2081-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2081-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1029589", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029589" }, { "name": "RHSA-2014:0043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0043.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051717" }, { "name": "DSA-3023", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3023" }, { "name": "MDVSA-2014:002", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:002" }, { "name": "APPLE-SA-2014-10-16-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" }, { "name": "56574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56574" }, { "name": "openSUSE-SU-2014:0199", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00016.html" }, { "name": "56522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56522" }, { "name": "FEDORA-2014-0858", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126761.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-1244" }, { "name": "56442", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56442" }, { "name": "SSA:2014-028-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.524465" }, { "name": "61199", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61199" }, { "name": "SUSE-SU-2015:0480", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html" }, { "name": "HPSBUX02961", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=138995561732658\u0026w=2" }, { "name": "56427", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56427" }, { "name": "56871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56871" }, { "name": "SSA:2014-175-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.518391" }, { "name": "openSUSE-SU-2014:0202", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00019.html" }, { "name": "56425", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56425" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-01085" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT6536" }, { "name": "56493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56493" }, { "name": "FEDORA-2014-0811", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126772.html" }, { "name": "FreeBSD-SA-14:04", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc" }, { "name": "SSRT101420", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=138995561732658\u0026w=2" }, { "name": "101973", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/101973" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/article/AA-01078" }, { "name": "61343", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61343" }, { "name": "61117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61117" }, { "name": "64801", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64801" }, { "name": "USN-2081-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2081-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-0591", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1029589", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029589" }, { "name": "RHSA-2014:0043", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0043.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051717", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051717" }, { "name": "DSA-3023", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3023" }, { "name": "MDVSA-2014:002", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:002" }, { "name": "APPLE-SA-2014-10-16-3", "refsource": "APPLE", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" }, { "name": "56574", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56574" }, { "name": "openSUSE-SU-2014:0199", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00016.html" }, { "name": "56522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56522" }, { "name": "FEDORA-2014-0858", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126761.html" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-1244", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-1244" }, { "name": "56442", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56442" }, { "name": "SSA:2014-028-01", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.524465" }, { "name": "61199", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61199" }, { "name": "SUSE-SU-2015:0480", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html" }, { "name": "HPSBUX02961", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=138995561732658\u0026w=2" }, { "name": "56427", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56427" }, { "name": "56871", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56871" }, { "name": "SSA:2014-175-01", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.518391" }, { "name": "openSUSE-SU-2014:0202", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00019.html" }, { "name": "56425", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56425" }, { "name": "https://kb.isc.org/article/AA-01085", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-01085" }, { "name": "https://support.apple.com/kb/HT6536", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT6536" }, { "name": "56493", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56493" }, { "name": "FEDORA-2014-0811", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126772.html" }, { "name": "FreeBSD-SA-14:04", "refsource": "FREEBSD", "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc" }, { "name": "SSRT101420", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=138995561732658\u0026w=2" }, { "name": "101973", "refsource": "OSVDB", "url": "http://osvdb.org/101973" }, { "name": "https://kb.isc.org/article/AA-01078", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-01078" }, { "name": "61343", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61343" }, { "name": "61117", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61117" }, { "name": "64801", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64801" }, { "name": "USN-2081-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2081-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-0591", "datePublished": "2014-01-14T02:00:00", "dateReserved": "2013-12-27T00:00:00", "dateUpdated": "2024-08-06T09:20:19.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5211 (GCVE-0-2013-5211)
Vulnerability from cvelistv5
Published
2014-01-02 11:00
Modified
2024-08-06 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.374Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "59288", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59288" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232" }, { "name": "openSUSE-SU-2014:1149", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "HPSBUX02960", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2" }, { "name": "TA14-013A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A" }, { "name": "64692", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64692" }, { "name": "VU#348126", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/348126" }, { "name": "HPSBOV03505", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2" }, { "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2013/12/30/6" }, { "name": "59726", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59726" }, { "name": "1030433", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030433" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861" }, { "name": "[pool] 20111210 Odd surge in traffic today", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html" }, { "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2013/12/30/7" }, { "name": "SSRT101419", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.ntp.org/show_bug.cgi?id=1532" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-08T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "59288", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59288" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232" }, { "name": "openSUSE-SU-2014:1149", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "HPSBUX02960", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2" }, { "name": "TA14-013A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A" }, { "name": "64692", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64692" }, { "name": "VU#348126", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/348126" }, { "name": "HPSBOV03505", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2" }, { "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2013/12/30/6" }, { "name": "59726", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59726" }, { "name": "1030433", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030433" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz" }, { "tags": [ "x_refsource_MISC" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861" }, { "name": "[pool] 20111210 Odd surge in traffic today", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html" }, { "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2013/12/30/7" }, { "name": "SSRT101419", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.ntp.org/show_bug.cgi?id=1532" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "59288", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59288" }, { "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232" }, { "name": "openSUSE-SU-2014:1149", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "HPSBUX02960", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2" }, { "name": "TA14-013A", "refsource": "CERT", "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A" }, { "name": "64692", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64692" }, { "name": "VU#348126", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/348126" }, { "name": "HPSBOV03505", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2" }, { "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/12/30/6" }, { "name": "59726", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59726" }, { "name": "1030433", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030433" }, { "name": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz", "refsource": "CONFIRM", "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz" }, { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc" }, { "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861", "refsource": "CONFIRM", "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861" }, { "name": "[pool] 20111210 Odd surge in traffic today", "refsource": "MLIST", "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html" }, { "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/12/30/7" }, { "name": "SSRT101419", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2" }, { "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892", "refsource": "CONFIRM", "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892" }, { "name": "http://bugs.ntp.org/show_bug.cgi?id=1532", "refsource": "CONFIRM", "url": "http://bugs.ntp.org/show_bug.cgi?id=1532" }, { "name": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5211", "datePublished": "2014-01-02T11:00:00", "dateReserved": "2013-08-15T00:00:00", "dateUpdated": "2024-08-06T17:06:52.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-6420 (GCVE-0-2013-6420)
Vulnerability from cvelistv5
Published
2013-12-17 02:00
Modified
2024-08-06 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2816", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2816" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c1224573c773b6845e83505f717fbf820fc18415" }, { "name": "RHSA-2013:1824", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1824.html" }, { "name": "HPSBMU03112", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "name": "openSUSE-SU-2013:1964", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21" }, { "name": "59652", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59652" }, { "name": "64225", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64225" }, { "name": "RHSA-2013:1826", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1826.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT6150" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "RHSA-2013:1815", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1815.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036830" }, { "name": "openSUSE-SU-2013:1963", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" }, { "name": "RHSA-2013:1813", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1813.html" }, { "name": "1029472", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029472" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html" }, { "name": "SSRT101447", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "name": "RHSA-2013:1825", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1825.html" }, { "name": "USN-2055-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2055-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-08T21:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-2816", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2816" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c1224573c773b6845e83505f717fbf820fc18415" }, { "name": "RHSA-2013:1824", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1824.html" }, { "name": "HPSBMU03112", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "name": "openSUSE-SU-2013:1964", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21" }, { "name": "59652", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59652" }, { "name": "64225", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64225" }, { "name": "RHSA-2013:1826", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1826.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6150" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "RHSA-2013:1815", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1815.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036830" }, { "name": "openSUSE-SU-2013:1963", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" }, { "name": "RHSA-2013:1813", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1813.html" }, { "name": "1029472", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029472" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html" }, { "name": "SSRT101447", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "name": "RHSA-2013:1825", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1825.html" }, { "name": "USN-2055-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2055-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6420", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2816", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2816" }, { "name": "http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415", "refsource": "CONFIRM", "url": "http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415" }, { "name": "RHSA-2013:1824", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1824.html" }, { "name": "HPSBMU03112", "refsource": "HP", "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "name": "openSUSE-SU-2013:1964", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" }, { "name": "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!", "refsource": "CONFIRM", "url": "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!" }, { "name": "59652", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59652" }, { "name": "64225", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64225" }, { "name": "RHSA-2013:1826", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1826.html" }, { "name": "http://support.apple.com/kb/HT6150", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6150" }, { "name": "http://www.php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "RHSA-2013:1815", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1815.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1036830", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036830" }, { "name": "openSUSE-SU-2013:1963", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" }, { "name": "RHSA-2013:1813", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1813.html" }, { "name": "1029472", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029472" }, { "name": "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html", "refsource": "MISC", "url": "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html" }, { "name": "SSRT101447", "refsource": "HP", "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" }, { "name": "RHSA-2013:1825", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1825.html" }, { "name": "USN-2055-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2055-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6420", "datePublished": "2013-12-17T02:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4496 (GCVE-0-2013-4496)
Vulnerability from cvelistv5
Published
2014-03-14 10:00
Modified
2024-08-06 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:15.202Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.samba.org/samba/history/samba-4.1.6.html" }, { "name": "FEDORA-2014-9132", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.samba.org/show_bug.cgi?id=10245" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.samba.org/samba/security/CVE-2013-4496" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0138.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.samba.org/samba/history/samba-4.0.16.html" }, { "name": "openSUSE-SU-2014:0405", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html" }, { "name": "GLSA-201502-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml" }, { "name": "FEDORA-2014-7672", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" }, { "name": "MDVSA-2015:082", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082" }, { "name": "openSUSE-SU-2016:1106", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" }, { "name": "openSUSE-SU-2014:0404", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" }, { "name": "openSUSE-SU-2016:1107", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" }, { "name": "66336", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66336" }, { "name": "RHSA-2014:0330", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0330.html" }, { "name": "USN-2156-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2156-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.samba.org/samba/history/samba-3.6.23.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-05T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.samba.org/samba/history/samba-4.1.6.html" }, { "name": "FEDORA-2014-9132", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.samba.org/show_bug.cgi?id=10245" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.samba.org/samba/security/CVE-2013-4496" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0138.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.samba.org/samba/history/samba-4.0.16.html" }, { "name": "openSUSE-SU-2014:0405", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html" }, { "name": "GLSA-201502-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml" }, { "name": "FEDORA-2014-7672", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" }, { "name": "MDVSA-2015:082", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082" }, { "name": "openSUSE-SU-2016:1106", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" }, { "name": "openSUSE-SU-2014:0404", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" }, { "name": "openSUSE-SU-2016:1107", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" }, { "name": "66336", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66336" }, { "name": "RHSA-2014:0330", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0330.html" }, { "name": "USN-2156-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2156-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.samba.org/samba/history/samba-3.6.23.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4496", "datePublished": "2014-03-14T10:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:15.202Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4810 (GCVE-0-2006-4810)
Vulnerability from cvelistv5
Published
2006-11-08 21:00
Modified
2024-08-07 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22725", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22725" }, { "name": "MDKSA-2006:203", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:203" }, { "name": "RHSA-2006:0727", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0727.html" }, { "name": "22777", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22777" }, { "name": "USN-379-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-379-1" }, { "name": "20959", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20959" }, { "name": "22995", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22995" }, { "name": "ADV-2006-4412", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4412" }, { "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" }, { "name": "SUSE-SR:2006:028", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html" }, { "name": "23015", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23015" }, { "name": "ADV-2007-1267", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1267" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-810" }, { "name": "GLSA-200611-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200611-16.xml" }, { "name": "23335", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23335" }, { "name": "23112", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23112" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html" }, { "name": "2006-0063", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0063/" }, { "name": "20061101-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" }, { "name": "24788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24788" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16\u0026r2=1.17" }, { "name": "20061127 rPSA-2006-0219-1 info install-info texinfo", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/452723/100/0/threaded" }, { "name": "22898", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22898" }, { "name": "22929", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22929" }, { "name": "oval:org.mitre.oval:def:10893", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10893" }, { "name": "texinfo-texindex-bo(30158)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30158" }, { "name": "OpenPKG-SA-2006.034", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.034-texinfo.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html" }, { "name": "22798", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22798" }, { "name": "DSA-1219", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1219" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "22725", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22725" }, { "name": "MDKSA-2006:203", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:203" }, { "name": "RHSA-2006:0727", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0727.html" }, { "name": "22777", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22777" }, { "name": "USN-379-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-379-1" }, { "name": "20959", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20959" }, { "name": "22995", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22995" }, { "name": "ADV-2006-4412", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4412" }, { "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" }, { "name": "SUSE-SR:2006:028", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html" }, { "name": "23015", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23015" }, { "name": "ADV-2007-1267", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1267" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-810" }, { "name": "GLSA-200611-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200611-16.xml" }, { "name": "23335", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23335" }, { "name": "23112", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23112" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html" }, { "name": "2006-0063", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0063/" }, { "name": "20061101-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" }, { "name": "24788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24788" }, { "tags": [ "x_refsource_MISC" ], "url": "http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16\u0026r2=1.17" }, { "name": "20061127 rPSA-2006-0219-1 info install-info texinfo", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/452723/100/0/threaded" }, { "name": "22898", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22898" }, { "name": "22929", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22929" }, { "name": "oval:org.mitre.oval:def:10893", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10893" }, { "name": "texinfo-texindex-bo(30158)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30158" }, { "name": "OpenPKG-SA-2006.034", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.034-texinfo.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html" }, { "name": "22798", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22798" }, { "name": "DSA-1219", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1219" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-4810", "datePublished": "2006-11-08T21:00:00", "dateReserved": "2006-09-15T00:00:00", "dateUpdated": "2024-08-07T19:23:41.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-0205 (GCVE-0-2010-0205)
Vulnerability from cvelistv5
Published
2010-03-03 19:00
Modified
2024-08-07 00:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:37:54.124Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "ADV-2010-0517", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0517" }, { "name": "ADV-2010-0682", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4435" }, { "name": "62670", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/62670" }, { "name": "MDVSA-2010:063", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "name": "ADV-2010-0605", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0605" }, { "name": "FEDORA-2010-3414", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" }, { "name": "ADV-2010-0626", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0626" }, { "name": "ADV-2010-0686", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0686" }, { "name": "39251", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39251" }, { "name": "ADV-2010-1107", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "MDVSA-2010:064", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" }, { "name": "libpng-pngdecompresschunk-dos(56661)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" }, { "name": "SUSE-SR:2010:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "USN-913-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-913-1" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "SUSE-SR:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "DSA-2032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2032" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41574" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-3375", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" }, { "name": "38774", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38774" }, { "name": "SUSE-SR:2010:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "name": "ADV-2010-0637", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "name": "VU#576029", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/576029" }, { "name": "FEDORA-2010-4683", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" }, { "name": "38478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38478" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" }, { "name": "1023674", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023674" }, { "name": "ADV-2010-0847", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "name": "ADV-2010-0667", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0667" }, { "name": "FEDORA-2010-2988", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.sourceforge.net/decompression_bombs.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "ADV-2010-0517", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0517" }, { "name": "ADV-2010-0682", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4435" }, { "name": "62670", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/62670" }, { "name": "MDVSA-2010:063", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "name": "ADV-2010-0605", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0605" }, { "name": "FEDORA-2010-3414", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" }, { "name": "ADV-2010-0626", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0626" }, { "name": "ADV-2010-0686", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0686" }, { "name": "39251", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39251" }, { "name": "ADV-2010-1107", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "MDVSA-2010:064", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" }, { "name": "libpng-pngdecompresschunk-dos(56661)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" }, { "name": "SUSE-SR:2010:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "USN-913-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-913-1" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "SUSE-SR:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "DSA-2032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2032" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41574" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-3375", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" }, { "name": "38774", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38774" }, { "name": "SUSE-SR:2010:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "name": "ADV-2010-0637", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "name": "VU#576029", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/576029" }, { "name": "FEDORA-2010-4683", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" }, { "name": "38478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38478" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" }, { "name": "1023674", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023674" }, { "name": "ADV-2010-0847", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "name": "ADV-2010-0667", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0667" }, { "name": "FEDORA-2010-2988", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.sourceforge.net/decompression_bombs.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2010-0205", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "ADV-2010-0517", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0517" }, { "name": "ADV-2010-0682", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435" }, { "name": "62670", "refsource": "OSVDB", "url": "http://osvdb.org/62670" }, { "name": "MDVSA-2010:063", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "name": "ADV-2010-0605", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0605" }, { "name": "FEDORA-2010-3414", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" }, { "name": "ADV-2010-0626", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0626" }, { "name": "ADV-2010-0686", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0686" }, { "name": "39251", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39251" }, { "name": "ADV-2010-1107", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "MDVSA-2010:064", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" }, { "name": "libpng-pngdecompresschunk-dos(56661)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" }, { "name": "SUSE-SR:2010:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "USN-913-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-913-1" }, { "name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "SUSE-SR:2010:013", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "DSA-2032", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2032" }, { "name": "41574", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41574" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-3375", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" }, { "name": "38774", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38774" }, { "name": "SUSE-SR:2010:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "name": "ADV-2010-0637", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "name": "VU#576029", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/576029" }, { "name": "FEDORA-2010-4683", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" }, { "name": "38478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38478" }, { "name": "ADV-2010-2491", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "name": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html", "refsource": "CONFIRM", "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" }, { "name": "1023674", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023674" }, { "name": "ADV-2010-0847", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "name": "ADV-2010-0667", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0667" }, { "name": "FEDORA-2010-2988", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" }, { "name": "http://libpng.sourceforge.net/decompression_bombs.html", "refsource": "CONFIRM", "url": "http://libpng.sourceforge.net/decompression_bombs.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2010-0205", "datePublished": "2010-03-03T19:00:00", "dateReserved": "2010-01-06T00:00:00", "dateUpdated": "2024-08-07T00:37:54.124Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0200 (GCVE-0-2013-0200)
Vulnerability from cvelistv5
Published
2013-03-06 20:00
Modified
2024-08-06 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55083", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55083" }, { "name": "USN-1981-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1981-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902163" }, { "name": "DSA-2829", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2829" }, { "name": "MDVSA-2013:088", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:088" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://hplipopensource.com/hplip-web/release_notes.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-20T00:00:00", "descriptions": [ { "lang": "en", "value": "HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-05T15:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "55083", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55083" }, { "name": "USN-1981-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1981-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902163" }, { "name": "DSA-2829", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2829" }, { "name": "MDVSA-2013:088", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:088" }, { "tags": [ "x_refsource_MISC" ], "url": "http://hplipopensource.com/hplip-web/release_notes.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0200", "datePublished": "2013-03-06T20:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4242 (GCVE-0-2013-4242)
Vulnerability from cvelistv5
Published
2013-08-19 23:00
Modified
2024-08-06 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-2731", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2731" }, { "name": "54332", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54332" }, { "name": "54321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54321" }, { "name": "54375", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54375" }, { "name": "openSUSE-SU-2013:1294", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html" }, { "name": "61464", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/61464" }, { "name": "USN-1923-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1923-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://eprint.iacr.org/2013/448" }, { "name": "[gnupg-announce] 20130725 [Announce] [security fix] GnuPG 1.4.14 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html" }, { "name": "VU#976534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/976534" }, { "name": "DSA-2730", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2730" }, { "name": "RHSA-2013:1457", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1457.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "54318", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-2731", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2731" }, { "name": "54332", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54332" }, { "name": "54321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54321" }, { "name": "54375", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54375" }, { "name": "openSUSE-SU-2013:1294", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html" }, { "name": "61464", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/61464" }, { "name": "USN-1923-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1923-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://eprint.iacr.org/2013/448" }, { "name": "[gnupg-announce] 20130725 [Announce] [security fix] GnuPG 1.4.14 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html" }, { "name": "VU#976534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/976534" }, { "name": "DSA-2730", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2730" }, { "name": "RHSA-2013:1457", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1457.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "54318", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54318" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-2731", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2731" }, { "name": "54332", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54332" }, { "name": "54321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54321" }, { "name": "54375", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54375" }, { "name": "openSUSE-SU-2013:1294", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html" }, { "name": "61464", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61464" }, { "name": "USN-1923-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1923-1" }, { "name": "http://eprint.iacr.org/2013/448", "refsource": "MISC", "url": "http://eprint.iacr.org/2013/448" }, { "name": "[gnupg-announce] 20130725 [Announce] [security fix] GnuPG 1.4.14 released", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html" }, { "name": "VU#976534", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/976534" }, { "name": "DSA-2730", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2730" }, { "name": "RHSA-2013:1457", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1457.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "54318", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54318" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4242", "datePublished": "2013-08-19T23:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1943 (GCVE-0-2014-1943)
Vulnerability from cvelistv5
Published
2014-02-18 19:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:58:15.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0367", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html" }, { "name": "[file] 20140211 segfault in magic_buffer", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mx.gw.com/pipermail/file/2014/001330.html" }, { "name": "[file] 20142010 segfault in magic_buffer", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mx.gw.com/pipermail/file/2014/001327.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "[file] 20140213 segfault in magic_buffer", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mx.gw.com/pipermail/file/2014/001337.html" }, { "name": "openSUSE-SU-2014:0364", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT6443" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "[file] 20140211 segfault in magic_buffer", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mx.gw.com/pipermail/file/2014/001334.html" }, { "name": "USN-2126-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2126-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog" }, { "name": "DSA-2868", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2868" }, { "name": "USN-2123-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2123-1" }, { "name": "DSA-2861", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2861" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-13T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2014:0367", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html" }, { "name": "[file] 20140211 segfault in magic_buffer", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mx.gw.com/pipermail/file/2014/001330.html" }, { "name": "[file] 20142010 segfault in magic_buffer", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mx.gw.com/pipermail/file/2014/001327.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "[file] 20140213 segfault in magic_buffer", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mx.gw.com/pipermail/file/2014/001337.html" }, { "name": "openSUSE-SU-2014:0364", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6443" }, { "name": "RHSA-2014:1765", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "[file] 20140211 segfault in magic_buffer", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mx.gw.com/pipermail/file/2014/001334.html" }, { "name": "USN-2126-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2126-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog" }, { "name": "DSA-2868", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2868" }, { "name": "USN-2123-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2123-1" }, { "name": "DSA-2861", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2861" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1943", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0367", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html" }, { "name": "[file] 20140211 segfault in magic_buffer", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2014/001330.html" }, { "name": "[file] 20142010 segfault in magic_buffer", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2014/001327.html" }, { "name": "http://www.php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "[file] 20140213 segfault in magic_buffer", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2014/001337.html" }, { "name": "openSUSE-SU-2014:0364", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html" }, { "name": "http://support.apple.com/kb/HT6443", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6443" }, { "name": "RHSA-2014:1765", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" }, { "name": "[file] 20140211 segfault in magic_buffer", "refsource": "MLIST", "url": "http://mx.gw.com/pipermail/file/2014/001334.html" }, { "name": "USN-2126-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2126-1" }, { "name": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog", "refsource": "CONFIRM", "url": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog" }, { "name": "DSA-2868", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2868" }, { "name": "USN-2123-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2123-1" }, { "name": "DSA-2861", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2861" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1943", "datePublished": "2014-02-18T19:00:00", "dateReserved": "2014-02-10T00:00:00", "dateUpdated": "2024-08-06T09:58:15.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4037 (GCVE-0-2012-4037)
Vulnerability from cvelistv5
Published
2012-08-15 20:00
Modified
2024-08-06 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
References
URL | Tags | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:21:04.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.madirish.net/541" }, { "name": "50769", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50769" }, { "name": "20120726 Transmission BitTorrent XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html" }, { "name": "54705", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54705" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.transmissionbt.com/ticket/4979" }, { "name": "50027", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50027" }, { "name": "USN-1584-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1584-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-30T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.madirish.net/541" }, { "name": "50769", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50769" }, { "name": "20120726 Transmission BitTorrent XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html" }, { "name": "54705", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54705" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.transmissionbt.com/ticket/4979" }, { "name": "50027", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50027" }, { "name": "USN-1584-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1584-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4037", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.madirish.net/541", "refsource": "MISC", "url": "http://www.madirish.net/541" }, { "name": "50769", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50769" }, { "name": "20120726 Transmission BitTorrent XSS Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html" }, { "name": "54705", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54705" }, { "name": "https://trac.transmissionbt.com/wiki/Changes#version-2.61", "refsource": "CONFIRM", "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61" }, { "name": "https://trac.transmissionbt.com/ticket/4979", "refsource": "CONFIRM", "url": "https://trac.transmissionbt.com/ticket/4979" }, { "name": "50027", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50027" }, { "name": "USN-1584-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1584-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4037", "datePublished": "2012-08-15T20:00:00", "dateReserved": "2012-07-20T00:00:00", "dateUpdated": "2024-08-06T20:21:04.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3544 (GCVE-0-2012-3544)
Vulnerability from cvelistv5
Published
2013-06-01 10:00
Modified
2024-08-06 20:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:13:50.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702" }, { "name": "59797", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/59797" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-7.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "20130510 [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html" }, { "name": "USN-1841-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1841-1" }, { "name": "64758", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64758" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:10:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702" }, { "name": "59797", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/59797" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-7.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "20130510 [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html" }, { "name": "USN-1841-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1841-1" }, { "name": "64758", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64758" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-3544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702" }, { "name": "59797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/59797" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "http://tomcat.apache.org/security-7.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-7.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592" }, { "name": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "20130510 [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html" }, { "name": "USN-1841-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1841-1" }, { "name": "64758", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64758" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3544", "datePublished": "2013-06-01T10:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:13:50.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0033 (GCVE-0-2014-0033)
Vulnerability from cvelistv5
Published
2014-02-26 11:00
Modified
2024-08-06 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:58:26.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069919" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1558822" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "65769", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65769" }, { "name": "DSA-3530", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "name": "59722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59722" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "USN-2130-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "name": "59873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59873" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "name": "59036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:09:44", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069919" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1558822" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "65769", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65769" }, { "name": "DSA-3530", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "name": "59722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59722" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "USN-2130-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "name": "59873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59873" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "name": "59036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0033", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069919", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069919" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1558822", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1558822" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "65769", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65769" }, { "name": "DSA-3530", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3530" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" }, { "name": "59722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59722" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "USN-2130-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2130-1" }, { "name": "59873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59873" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886" }, { "name": "59036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59036" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0033", "datePublished": "2014-02-26T11:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T08:58:26.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1571 (GCVE-0-2013-1571)
Vulnerability from cvelistv5
Published
2013-06-18 22:00
Modified
2024-08-06 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:04:49.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2013:1060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" }, { "name": "HPSBUX02908", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545592101387\u0026w=2" }, { "name": "RHSA-2014:0414", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "name": "GLSA-201406-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" }, { "name": "SUSE-SU-2013:1257", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973474" }, { "name": "HPSBUX02907", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545505800971\u0026w=2" }, { "name": "54154", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54154" }, { "name": "RHSA-2013:1455", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "name": "SSRT101305", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" }, { "name": "oval:org.mitre.oval:def:17215", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17215" }, { "name": "oval:org.mitre.oval:def:19518", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19518" }, { "name": "HPSBUX02922", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" }, { "name": "SUSE-SU-2013:1263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" }, { "name": "RHSA-2013:1059", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" }, { "name": "VU#225657", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/225657" }, { "name": "SUSE-SU-2013:1293", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" }, { "name": "60634", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/60634" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/langtools/rev/17ee569d0c01" }, { "name": "RHSA-2013:1081", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" }, { "name": "TA13-169A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2013-0185.html" }, { "name": "RHSA-2013:0963", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" }, { "name": "SUSE-SU-2013:1255", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" }, { "name": "RHSA-2013:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" }, { "name": "oval:org.mitre.oval:def:19667", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19667" }, { "name": "MDVSA-2013:183", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" }, { "name": "oval:org.mitre.oval:def:19718", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19718" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" }, { "name": "SUSE-SU-2013:1305", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[openoffice-commits] 20200305 svn commit: r1874832 - in /openoffice/ooo-site/trunk/content: download/checksums.html download/globalvars.js download/test/globalvars.js security/cves/CVE-2012-0037.html security/cves/CVE-2013-1571.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-06-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-05T13:06:06", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2013:1060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" }, { "name": "HPSBUX02908", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545592101387\u0026w=2" }, { "name": "RHSA-2014:0414", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "name": "GLSA-201406-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" }, { "name": "SUSE-SU-2013:1257", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973474" }, { "name": "HPSBUX02907", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545505800971\u0026w=2" }, { "name": "54154", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54154" }, { "name": "RHSA-2013:1455", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "name": "SSRT101305", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" }, { "name": "oval:org.mitre.oval:def:17215", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17215" }, { "name": "oval:org.mitre.oval:def:19518", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19518" }, { "name": "HPSBUX02922", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" }, { "name": "SUSE-SU-2013:1263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" }, { "name": "RHSA-2013:1059", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" }, { "name": "VU#225657", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/225657" }, { "name": "SUSE-SU-2013:1293", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" }, { "name": "60634", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/60634" }, { "tags": [ "x_refsource_MISC" ], "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/langtools/rev/17ee569d0c01" }, { "name": "RHSA-2013:1081", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" }, { "name": "TA13-169A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2013-0185.html" }, { "name": "RHSA-2013:0963", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" }, { "name": "SUSE-SU-2013:1255", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" }, { "name": "RHSA-2013:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" }, { "name": "oval:org.mitre.oval:def:19667", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19667" }, { "name": "MDVSA-2013:183", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" }, { "name": "oval:org.mitre.oval:def:19718", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19718" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" }, { "name": "SUSE-SU-2013:1305", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[openoffice-commits] 20200305 svn commit: r1874832 - in /openoffice/ooo-site/trunk/content: download/checksums.html download/globalvars.js download/test/globalvars.js security/cves/CVE-2012-0037.html security/cves/CVE-2013-1571.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2013-1571", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2013:1060", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" }, { "name": "HPSBUX02908", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137545592101387\u0026w=2" }, { "name": "RHSA-2014:0414", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "name": "GLSA-201406-32", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" }, { "name": "SUSE-SU-2013:1257", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=973474", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973474" }, { "name": "HPSBUX02907", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137545505800971\u0026w=2" }, { "name": "54154", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54154" }, { "name": "RHSA-2013:1455", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "name": "SSRT101305", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" }, { "name": "oval:org.mitre.oval:def:17215", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17215" }, { "name": "oval:org.mitre.oval:def:19518", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19518" }, { "name": "HPSBUX02922", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" }, { "name": "SUSE-SU-2013:1263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" }, { "name": "RHSA-2013:1059", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" }, { "name": "VU#225657", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/225657" }, { "name": "SUSE-SU-2013:1293", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" }, { "name": "60634", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60634" }, { "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/langtools/rev/17ee569d0c01", "refsource": "MISC", "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/langtools/rev/17ee569d0c01" }, { "name": "RHSA-2013:1081", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" }, { "name": "TA13-169A", "refsource": "CERT", "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" }, { "name": "http://advisories.mageia.org/MGASA-2013-0185.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2013-0185.html" }, { "name": "RHSA-2013:0963", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" }, { "name": "SUSE-SU-2013:1255", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" }, { "name": "RHSA-2013:1456", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" }, { "name": "oval:org.mitre.oval:def:19667", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19667" }, { "name": "MDVSA-2013:183", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" }, { "name": "oval:org.mitre.oval:def:19718", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19718" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" }, { "name": "SUSE-SU-2013:1305", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" }, { "name": "[openoffice-commits] 20200305 svn commit: r1874832 - in /openoffice/ooo-site/trunk/content: download/checksums.html download/globalvars.js download/test/globalvars.js security/cves/CVE-2012-0037.html security/cves/CVE-2013-1571.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0@%3Ccommits.openoffice.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2013-1571", "datePublished": "2013-06-18T22:00:00", "dateReserved": "2013-01-30T00:00:00", "dateUpdated": "2024-08-06T15:04:49.488Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4238 (GCVE-0-2013-4238)
Vulnerability from cvelistv5
Published
2013-08-18 01:00
Modified
2024-08-06 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2013:1582", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1582.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "openSUSE-SU-2013:1463", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html" }, { "name": "openSUSE-SU-2013:1440", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "DSA-2880", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2880" }, { "name": "USN-1982-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1982-1" }, { "name": "openSUSE-SU-2013:1437", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "openSUSE-SU-2013:1462", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html" }, { "name": "openSUSE-SU-2013:1438", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996381" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.python.org/issue18709" }, { "name": "openSUSE-SU-2013:1439", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html" }, { "name": "openSUSE-SU-2020:0086", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-21T21:06:34", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2013:1582", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1582.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "openSUSE-SU-2013:1463", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html" }, { "name": "openSUSE-SU-2013:1440", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "DSA-2880", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2880" }, { "name": "USN-1982-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1982-1" }, { "name": "openSUSE-SU-2013:1437", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "openSUSE-SU-2013:1462", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html" }, { "name": "openSUSE-SU-2013:1438", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996381" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.python.org/issue18709" }, { "name": "openSUSE-SU-2013:1439", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html" }, { "name": "openSUSE-SU-2020:0086", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4238", "datePublished": "2013-08-18T01:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0098 (GCVE-0-2014-0098)
Vulnerability from cvelistv5
Published
2014-03-18 01:00
Modified
2024-08-06 09:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:38.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1" }, { "name": "59315", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59315" }, { "name": "58230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58230" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0135.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html" }, { "name": "GLSA-201408-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201408-12.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "name": "58915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58915" }, { "name": "60536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60536" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2014-0098" }, { "name": "66303", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66303" }, { "name": "HPSBUX03102", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBUX03150", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "name": "59219", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59219" }, { "name": "APPLE-SA-2014-10-16-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" }, { "name": "59345", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59345" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT6535" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394\u0026r2=1575400\u0026diff_format=h" }, { "name": "SSRT101681", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "name": "USN-2152-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2152-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668973" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:12:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1" }, { "name": "59315", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59315" }, { "name": "58230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58230" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0135.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html" }, { "name": "GLSA-201408-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201408-12.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "name": "58915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58915" }, { "name": "60536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60536" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2014-0098" }, { "name": "66303", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66303" }, { "name": "HPSBUX03102", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBUX03150", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "name": "59219", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59219" }, { "name": "APPLE-SA-2014-10-16-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" }, { "name": "59345", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59345" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT6535" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394\u0026r2=1575400\u0026diff_format=h" }, { "name": "SSRT101681", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "name": "USN-2152-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2152-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668973" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1" }, { "name": "59315", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59315" }, { "name": "58230", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58230" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c" }, { "name": "http://advisories.mageia.org/MGASA-2014-0135.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0135.html" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "name": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES", "refsource": "CONFIRM", "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "name": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html", "refsource": "CONFIRM", "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html" }, { "name": "GLSA-201408-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201408-12.xml" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "name": "58915", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58915" }, { "name": "60536", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60536" }, { "name": "https://puppet.com/security/cve/cve-2014-0098", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2014-0098" }, { "name": "66303", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66303" }, { "name": "HPSBUX03102", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "HPSBUX03150", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2" }, { "name": "59219", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59219" }, { "name": "APPLE-SA-2014-10-16-1", "refsource": "APPLE", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" }, { "name": "59345", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59345" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "https://support.apple.com/kb/HT6535", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT6535" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394\u0026r2=1575400\u0026diff_format=h", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394\u0026r2=1575400\u0026diff_format=h" }, { "name": "SSRT101681", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2" }, { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "name": "USN-2152-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2152-1" }, { "name": "http://www.apache.org/dist/httpd/CHANGES_2.4.9", "refsource": "CONFIRM", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.9" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21668973", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668973" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0098", "datePublished": "2014-03-18T01:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:38.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…