var-200703-0007
Vulnerability from variot

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks. Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. Note that this vulnerability can only be exploited when using apache proxy modules like mod_proxy, mod_rewrite or mod_jk.

Workaround

There is no known workaround at this time.

Resolution

All Tomcat users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-5.5.22"

References

[ 1 ] CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200705-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities

CA Advisory Reference: CA20090123-01

CA Advisory Date: 2009-01-23

Reported By: n/a

Impact: Refer to the CVE identifiers for details.

Summary: Multiple security risks exist in Apache Tomcat as included with CA Cohesion Application Configuration Manager. CA has issued an update to address the vulnerabilities. Refer to the References section for the full list of resolved issues by CVE identifier.

Mitigating Factors: None

Severity: CA has given these vulnerabilities a Medium risk rating.

Affected Products: CA Cohesion Application Configuration Manager 4.5

Non-Affected Products CA Cohesion Application Configuration Manager 4.5 SP1

Affected Platforms: Windows

Status and Recommendation: CA has issued the following update to address the vulnerabilities.

CA Cohesion Application Configuration Manager 4.5:

RO04648 https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search &searchID=RO04648

How to determine if you are affected:

  1. Using Windows Explorer, locate the file "RELEASE-NOTES".
  2. By default, the file is located in the "C:\Program Files\CA\Cohesion\Server\server\" directory.
  3. Open the file with a text editor.
  4. If the version is less than 5.5.25, the installation is vulnerable.

Workaround: None

References (URLs may wrap): CA Support: http://support.ca.com/ CA20090123-01: Security Notice for Cohesion Tomcat https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975 40 Solution Document Reference APARs: RO04648 CA Security Response Blog posting: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx Reported By: n/a CVE References: CVE-2005-2090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090 CVE-2005-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510 CVE-2006-3835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835 CVE-2006-7195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195 CVE-2006-7196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196 CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450 CVE-2007-1355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355 CVE-2007-1358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358 CVE-2007-1858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858 CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450 CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 CVE-2007-3385 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 CVE-2008-0128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128 *Note: the issue was not completely fixed by Tomcat maintainers. OSVDB References: Pending http://osvdb.org/

Changelog for this advisory: v1.0 - Initial Release v1.1 - Updated Impact, Summary, Affected Products

Customers who require additional information should contact CA Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777 82

Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01178795 Version: 1

HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-10-02 Last Updated: 2007-10-02

Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.

References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache

BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.

AFFECTED VERSIONS

For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision A.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/

For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01

action: install revision B.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/

END AFFECTED VERSIONS

RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. The update is available on https://www.hp.com/go/softwaredepot/ Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00.

MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.

PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- .

Multiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications allow remote authenticated users to inject arbitrary web script or HTML (CVE-2007-2450).

Tomcat treated single quotes as delimiters in cookies, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3382).

Tomcat did not properly handle the " character sequence in a cookie value, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3385).

A cross-site scripting vulnerability in the Host Manager servlet allowed remote attackers to inject arbitrary HTML and web script via crafted attacks (CVE-2007-3386).

The updated packages have been patched to correct these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461


Updated Packages:

Mandriva Linux 2007.1: 2eaba952d2699868ef76ca11dc7743e2 2007.1/i586/tomcat5-5.5.17-6.2.4.1mdv2007.1.i586.rpm 037b18dda99d06be0b77f35964257902 2007.1/i586/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm d9e6c355370c0e3f9aebc7ba0edd99d5 2007.1/i586/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm fcb4fa36ea0926a0fbd92d1f9c9d9671 2007.1/i586/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.i586.rpm fedd1a27a4f46d0d793c3ceb21a57246 2007.1/i586/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm ab5985c840c14c812b3e72dae54407f0 2007.1/i586/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm 6266395d78af5f64ce7a150b9175fab7 2007.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm 08335caaa65e97003aa67d465ce60ae1 2007.1/i586/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm 3a4f5995900419c7354804ae0dc548b6 2007.1/i586/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm 0c27ba521cee0d06627f121df3a138c9 2007.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm 07537a59d8549f412dc4c9a783f41177 2007.1/i586/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64: aea539336fa58a995ae1411fe61934c2 2007.1/x86_64/tomcat5-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 0225750a0d4ef032915783d0b29c1504 2007.1/x86_64/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 8223d038509a71f537f537909e9ef863 2007.1/x86_64/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm dedd59d873c5bb4e608b1328595f2d98 2007.1/x86_64/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm c0ef0eda05488b8b571e6700a9365ea3 2007.1/x86_64/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 95dae961b82630d633fc3419383dbe4b 2007.1/x86_64/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 41378a0106da001d545681c185b2f5c3 2007.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 5448b57b7667414c12aabb1da5e528fa 2007.1/x86_64/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 9a277ae64587b81f61e8c118ba4d4571 2007.1/x86_64/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 1be4b0eea59741ef7efb0f51f97e19c7 2007.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm d3965a643dbdc8e685ff4b5861877254 2007.1/x86_64/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm

Mandriva Linux 2008.0: 828e35db12f9dab3a5e63c475c289f88 2008.0/i586/tomcat5-5.5.23-9.2.10.1mdv2008.0.i586.rpm 5e98b01f16f8213db5e842dcb47e4e8b 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm fd483503d3f313775be4c098858a4e0d 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm 23dffdf05e1c50d5cfea045552c8f3bb 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.i586.rpm 3da9fcc0e4c0c8366b676e0770b8fe7c 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm 03222fbcf7fad63aa6920d5d4ee55ee2 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm 566362e78e6dd5f853b616204453aa0d 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm fd00fd2a4faa567523ba9ce959ad1efa 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm 8a8c1b69636876ac31b0968edce82d3f 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm 85d0641840725e728f18cc86925d1923 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm 3e62b31a3fce47b8d7e2de2ecc7eb29d 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64: a44ed55a6a2943e5ba39ea6473a2af27 2008.0/x86_64/tomcat5-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 292e2c0a822a736fe85c498c17bb09c6 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm c8ee3862233f323278d0b97a3f07a74d 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 0c944fe5d8725da8fd4e57e89539fa21 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm bcbb50b5978295bd40ec24212ca77a8a 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 472c0a30c7ad74c0cb63da51142de438 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 10c6da9615553dc07e2f59d226f30a1d 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 53eba8a64c428e6e2a14e59095f958b4 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 8c6849bcca11457dffd03aa9c9e9a35f 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm b5b42989963c31f79a997c9c18ed4cb4 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 667a7b6fe2d3bc22ef64d87c2a6b9fe7 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHXZ68mqjQ0CJFipgRAhO2AKC+AwaCU8LmMtlbmj5Q9HgrOr3PTwCeMZo1 QKCxPSeNSXZPdPEE6c2TDyk= =z6UT -----END PGP SIGNATURE-----


Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .


Bist Du interessiert an einem neuen Job in IT-Sicherheit?

Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/


TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability

SECUNIA ADVISORY ID: SA15884

VERIFY ADVISORY: http://secunia.com/advisories/15884/

CRITICAL: Highly critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/

DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system.

For more information: SA15852

SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679

OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


. Summary:

Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1. Relevant releases:

VirtualCenter Management Server 2 ESX Server 3.0.2 without patch ESX-1002434 ESX Server 3.0.1 without patch ESX-1003176

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to these issues.

JRE Security Update This release of VirtualCenter Server updates the JRE package from 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in the earlier release of JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-3004 to this issue.

     Security best practices provided by VMware recommend that the
     service console be isolated from the VM network. Please see
     http://www.vmware.com/resources/techresources/726 for more
     information on VMware security best practices. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

VMware VirtualCenter 2.0.2 Update 2 Release Notes http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html

VirtualCenter CD image md5sum d7d98a5d7f8afff32cee848f860d3ba7

VirtualCenter as Zip md5sum 3b42ec350121659e10352ca2d76e212b

ESX Server 3.0.2 http://kb.vmware.com/kb/1002434 md5sum: 2f52251f6ace3d50934344ef313539d5

ESX Server 3.0.1 http://kb.vmware.com/kb/1003176 md5sum: 5674ca0dcfac90726014cc316444996e

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce@lists.vmware.com
  • bugtraq@securityfocus.com
  • full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0007",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tomcat",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "5.5.22"
      },
      {
        "model": "tomcat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "5.0.0"
      },
      {
        "model": "tomcat",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.10"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "tomcat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "drupal",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pear xml rpc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "phpxmlrpc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "postnuke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "serendipity",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wordpress",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "xoops",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "phpmyfaq",
        "version": null
      },
      {
        "model": "tomcat",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apache",
        "version": "4.0.6"
      },
      {
        "model": "tomcat",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apache",
        "version": "4.1.34"
      },
      {
        "model": "tomcat",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apache",
        "version": "5.0.30"
      },
      {
        "model": "tomcat",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apache",
        "version": "5.5.21"
      },
      {
        "model": "tomcat",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apache",
        "version": "6.0.9"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "interscan messaging security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "- 7.x"
      },
      {
        "model": "trendmicro interscan messaging security appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "- 7.x"
      },
      {
        "model": "trendmicro interscan web security appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "- 3.x"
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "- 2.x"
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "- 3.x"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.31"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (server)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.0 (client)"
      },
      {
        "model": "rhel desktop workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (client)"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.x/v5.x"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v4.x/v5.x"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v4.x/v5.x"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 ~ v2.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.x/v5.x"
      },
      {
        "model": "interstage application framework suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage job workload server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "5.5.7"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "5.5.5"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "win32"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "5.5.4"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "5.5.2"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "5.0.28"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "5.5.6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "5.0.19"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "5.5.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "5.5.0"
      },
      {
        "model": "virtualcenter management server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.2"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux enterprise server sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise sdk 10.sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "linux enterprise sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10.2"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10.2"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.2"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.2"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.2"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1x86-64"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1x86"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0x86-64"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0x86"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "enterprise linux virtualization server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux optional productivity application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux hardware certification",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux desktop multi os client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux clustering server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux cluster-storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "certificate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.0"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "hat enterprise linux supplementary server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "hat enterprise linux desktop supplementary client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "hat enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.1"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage job workload server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.1"
      },
      {
        "model": "interstage business application server enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.0"
      },
      {
        "model": "interstage apworks modelers-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage apworks modelers-j edition 6.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks modelers-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.3"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server plus developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.3"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "associates cohesion application configuration manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "4.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.9"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.8"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.7"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.6"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.5"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.4"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.3"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.2"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.1"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.22"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.21"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.20"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.19"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.18"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.17"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.16"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.15"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.14"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.13"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.12"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.11"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.10"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.9"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.8"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.7"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.6"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.5"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.4"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.3"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.2"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.1"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.4"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.3"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.2"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.1"
      },
      {
        "model": "software foundation tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.0"
      },
      {
        "model": "associates cohesion application configuration manager sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "computer",
        "version": "4.5"
      },
      {
        "model": "software foundation tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.10"
      },
      {
        "model": "software foundation tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.23"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "BID",
        "id": "22960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0450"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:tomcat",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:sun:solaris",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_suite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_appliance",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_appliance",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:hp-ux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Matscheko",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-400"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0450",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2007-0450",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-0450",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#442845",
            "trust": 0.8,
            "value": "20.75"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-0450",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200703-400",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2007-0450",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-0450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0450"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. \nExploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks. \nVersions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. Note that this vulnerability can only be exploited when using\napache proxy modules like mod_proxy, mod_rewrite or mod_jk. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Tomcat users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-5.5.22\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2007-0450\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200705-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\n\n\nCA Advisory Reference: CA20090123-01\n\n\nCA Advisory Date: 2009-01-23\n\n\nReported By: n/a\n\n\nImpact: Refer to the CVE identifiers for details. \n\n\nSummary: Multiple security risks exist in Apache Tomcat as \nincluded with CA Cohesion Application Configuration Manager. CA \nhas issued an update to address the vulnerabilities. Refer to the \nReferences section for the full list of resolved issues by CVE \nidentifier. \n\n\nMitigating Factors: None\n\n\nSeverity: CA has given these vulnerabilities a Medium risk rating. \n\n\nAffected Products:\nCA Cohesion Application Configuration Manager 4.5\n\n\nNon-Affected Products\nCA Cohesion Application Configuration Manager 4.5 SP1\n\n\nAffected Platforms:\nWindows\n\n\nStatus and Recommendation:\nCA has issued the following update to address the vulnerabilities. \n\nCA Cohesion Application Configuration Manager 4.5:\n\nRO04648\nhttps://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search\n\u0026searchID=RO04648\n\n\nHow to determine if you are affected:\n\n1. Using Windows Explorer, locate the file \"RELEASE-NOTES\". \n2. By default, the file is located in the \n   \"C:\\Program Files\\CA\\Cohesion\\Server\\server\\\" directory. \n3. Open the file with a text editor. \n4. If the version is less than 5.5.25, the installation is \n   vulnerable. \n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nCA20090123-01: Security Notice for Cohesion Tomcat\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975\n40\nSolution Document Reference APARs:\nRO04648\nCA Security Response Blog posting:\nCA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx\nReported By: \nn/a\nCVE References:\nCVE-2005-2090\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090\nCVE-2005-3510\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510\nCVE-2006-3835\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835\nCVE-2006-7195\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195\nCVE-2006-7196\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196\nCVE-2007-0450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\nCVE-2007-1355\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355\nCVE-2007-1358\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358\nCVE-2007-1858\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858\nCVE-2007-2449\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\nCVE-2007-2450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\nCVE-2007-3382\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\nCVE-2007-3385 *\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\nCVE-2007-3386\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\nCVE-2008-0128\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128\n*Note: the issue was not completely fixed by Tomcat maintainers. \nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\nv1.1 - Updated Impact, Summary, Affected Products\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777\n82\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01178795\nVersion: 1\n\nHPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-02\nLast Updated: 2007-10-02\n\nPotential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code. \n\nReferences: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache\n\nBACKGROUND\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended patch or update is installed. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision A.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \n\naction: install revision B.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \nHP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \nThe update is available on https://www.hp.com/go/softwaredepot/ \nNote: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00. \n\nMANUAL ACTIONS: Yes - Update \nInstall HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 02 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ\nHHoe3AY1sc6hrW3Xk+B1hcbr\n=+E1W\n-----END PGP SIGNATURE-----\n. \n \n Multiple cross-site scripting vulnerabilities in the Manager and Host\n Manager web applications allow remote authenticated users to inject\n arbitrary web script or HTML (CVE-2007-2450). \n \n Tomcat treated single quotes as delimiters in cookies, which could\n cause sensitive information such as session IDs to be leaked and allow\n remote attackers to conduct session hijacking attacks (CVE-2007-3382). \n \n Tomcat did not properly handle the \" character sequence in a cookie\n value, which could cause sensitive information such as session IDs\n to be leaked and allow remote attackers to conduct session hijacking\n attacks (CVE-2007-3385). \n \n A cross-site scripting vulnerability in the Host Manager servlet\n allowed remote attackers to inject arbitrary HTML and web script via\n crafted attacks (CVE-2007-3386). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.1:\n 2eaba952d2699868ef76ca11dc7743e2  2007.1/i586/tomcat5-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 037b18dda99d06be0b77f35964257902  2007.1/i586/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n d9e6c355370c0e3f9aebc7ba0edd99d5  2007.1/i586/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n fcb4fa36ea0926a0fbd92d1f9c9d9671  2007.1/i586/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n fedd1a27a4f46d0d793c3ceb21a57246  2007.1/i586/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n ab5985c840c14c812b3e72dae54407f0  2007.1/i586/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 6266395d78af5f64ce7a150b9175fab7  2007.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 08335caaa65e97003aa67d465ce60ae1  2007.1/i586/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 3a4f5995900419c7354804ae0dc548b6  2007.1/i586/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 0c27ba521cee0d06627f121df3a138c9  2007.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 07537a59d8549f412dc4c9a783f41177  2007.1/i586/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm \n b55342a597ab506be934b6a73ed24005  2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n aea539336fa58a995ae1411fe61934c2  2007.1/x86_64/tomcat5-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 0225750a0d4ef032915783d0b29c1504  2007.1/x86_64/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 8223d038509a71f537f537909e9ef863  2007.1/x86_64/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n dedd59d873c5bb4e608b1328595f2d98  2007.1/x86_64/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n c0ef0eda05488b8b571e6700a9365ea3  2007.1/x86_64/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 95dae961b82630d633fc3419383dbe4b  2007.1/x86_64/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 41378a0106da001d545681c185b2f5c3  2007.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 5448b57b7667414c12aabb1da5e528fa  2007.1/x86_64/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 9a277ae64587b81f61e8c118ba4d4571  2007.1/x86_64/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 1be4b0eea59741ef7efb0f51f97e19c7  2007.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n d3965a643dbdc8e685ff4b5861877254  2007.1/x86_64/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm \n b55342a597ab506be934b6a73ed24005  2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n 828e35db12f9dab3a5e63c475c289f88  2008.0/i586/tomcat5-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 5e98b01f16f8213db5e842dcb47e4e8b  2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n fd483503d3f313775be4c098858a4e0d  2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 23dffdf05e1c50d5cfea045552c8f3bb  2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 3da9fcc0e4c0c8366b676e0770b8fe7c  2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 03222fbcf7fad63aa6920d5d4ee55ee2  2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 566362e78e6dd5f853b616204453aa0d  2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n fd00fd2a4faa567523ba9ce959ad1efa  2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 8a8c1b69636876ac31b0968edce82d3f  2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 85d0641840725e728f18cc86925d1923  2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 3e62b31a3fce47b8d7e2de2ecc7eb29d  2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm \n 9522ebba28176adf03d9a7b33fb526f8  2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n a44ed55a6a2943e5ba39ea6473a2af27  2008.0/x86_64/tomcat5-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 292e2c0a822a736fe85c498c17bb09c6  2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n c8ee3862233f323278d0b97a3f07a74d  2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 0c944fe5d8725da8fd4e57e89539fa21  2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n bcbb50b5978295bd40ec24212ca77a8a  2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 472c0a30c7ad74c0cb63da51142de438  2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 10c6da9615553dc07e2f59d226f30a1d  2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 53eba8a64c428e6e2a14e59095f958b4  2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 8c6849bcca11457dffd03aa9c9e9a35f  2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n b5b42989963c31f79a997c9c18ed4cb4  2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 667a7b6fe2d3bc22ef64d87c2a6b9fe7  2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm \n 9522ebba28176adf03d9a7b33fb526f8  2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFHXZ68mqjQ0CJFipgRAhO2AKC+AwaCU8LmMtlbmj5Q9HgrOr3PTwCeMZo1\nQKCxPSeNSXZPdPEE6c2TDyk=\n=z6UT\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 2.0.5. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Summary:\n\n   Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX\n   Server 3.0.2, and ESX 3.0.1. Relevant releases:\n\n   VirtualCenter Management Server 2\n   ESX Server 3.0.2 without patch ESX-1002434\n   ESX Server 3.0.1 without patch ESX-1003176\n\n3. \n\n   The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n   assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to\n   these issues. \n\n   JRE Security Update\n   This release of VirtualCenter Server updates the JRE package from\n   1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in\n   the earlier release of JRE. \n\n   The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n   assigned the name CVE-2007-3004 to this issue. \n\n         Security best practices provided by VMware recommend that the\n         service console be isolated from the VM network. Please see\n         http://www.vmware.com/resources/techresources/726 for more\n         information on VMware security best practices. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n   VMware VirtualCenter 2.0.2 Update 2 Release Notes\n   http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html\n\n   VirtualCenter CD image\n   md5sum d7d98a5d7f8afff32cee848f860d3ba7\n\n   VirtualCenter as Zip\n   md5sum 3b42ec350121659e10352ca2d76e212b\n\n   ESX Server 3.0.2\n   http://kb.vmware.com/kb/1002434\n   md5sum: 2f52251f6ace3d50934344ef313539d5\n\n   ESX Server 3.0.1\n   http://kb.vmware.com/kb/1003176\n   md5sum: 5674ca0dcfac90726014cc316444996e\n\n5. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce@lists.vmware.com\n  * bugtraq@securityfocus.com\n  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0450"
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      },
      {
        "db": "BID",
        "id": "22960"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-0450"
      },
      {
        "db": "PACKETSTORM",
        "id": "56411"
      },
      {
        "db": "PACKETSTORM",
        "id": "74289"
      },
      {
        "db": "PACKETSTORM",
        "id": "59939"
      },
      {
        "db": "PACKETSTORM",
        "id": "61679"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "db": "PACKETSTORM",
        "id": "62402"
      }
    ],
    "trust": 3.24
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=29739",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2007-0450"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-0450",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "22960",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "24732",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "28365",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "30899",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "25106",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "26235",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "30908",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "27037",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "26660",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "33668",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "25280",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "2446",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-1979",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3386",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2732",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0233",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0975",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3087",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0065",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "25159",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "15884",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "15810",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15922",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15852",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15855",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15861",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15862",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15872",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15883",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15895",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "14088",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1014327",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "32988",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000217",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-400",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "29739",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-0450",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56411",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "74289",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "59939",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "61679",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "38390",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "62402",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-0450"
      },
      {
        "db": "BID",
        "id": "22960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      },
      {
        "db": "PACKETSTORM",
        "id": "56411"
      },
      {
        "db": "PACKETSTORM",
        "id": "74289"
      },
      {
        "db": "PACKETSTORM",
        "id": "59939"
      },
      {
        "db": "PACKETSTORM",
        "id": "61679"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "db": "PACKETSTORM",
        "id": "62402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0450"
      }
    ]
  },
  "id": "VAR-200703-0007",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.16519225
  },
  "last_update_date": "2024-11-29T22:13:26.674000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fixed in Apache Tomcat 6.0.10",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-6.html"
      },
      {
        "title": "Fixed in Apache Tomcat 4.1.36",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-4.html"
      },
      {
        "title": "Fixed in Apache Tomcat 5.5.22, 5.0.SVN",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "title": "HPSBUX02262",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01178795"
      },
      {
        "title": "HPSBUX02262",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02262.html"
      },
      {
        "title": "tomcat4 (V2.x)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1168"
      },
      {
        "title": "NV09-001",
        "trust": 0.8,
        "url": "http://www.nec.co.jp/security-info/secinfo/nv09-001.html"
      },
      {
        "title": "RHSA-2007:0327",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2007-0327.html"
      },
      {
        "title": "239312",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
      },
      {
        "title": "imss_70_lx32_en_sp1_patch2_readme",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/documentation/readme/imss_70_lx32_en_sp1_patch2_readme.txt"
      },
      {
        "title": "readme_imss70_lin_sp1_patch1_b3356",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/70/readme_imss70_lin_sp1_patch1_b3356.txt"
      },
      {
        "title": "imss_70_win32_en_sp1_patch2_readme",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/documentation/readme/imss_70_win32_en_sp1_patch2_readme.txt"
      },
      {
        "title": "readme_imss70_sol_sp1_patch1_b81460",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/sol/70/readme_imss70_sol_sp1_patch1_b81460_r2.txt"
      },
      {
        "title": "iwss_31_lx32_en_patch2_readme",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/documentation/readme/iwss_31_lx32_en_patch2_readme.txt"
      },
      {
        "title": "interstage_as_200702",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200702.html"
      },
      {
        "title": "2064149",
        "trust": 0.8,
        "url": "http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2064149"
      },
      {
        "title": "2064436",
        "trust": 0.8,
        "url": "http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2064436"
      },
      {
        "title": "RHSA-2007:0327",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0327J.html"
      },
      {
        "title": "VMware Security Advisories: Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=0fde1d7289a7f706413e4e8620446740"
      },
      {
        "title": "Capstone-Red-vs-Blue-CySec-Report",
        "trust": 0.1,
        "url": "https://github.com/ActualSalt/Capstone-Red-vs-Blue-CySec-Report "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2007-0450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0450"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://www.securityfocus.com/bid/22960"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/24732"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/25159"
      },
      {
        "trust": 2.0,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
      },
      {
        "trust": 2.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2007-206.htm"
      },
      {
        "trust": 2.0,
        "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197540"
      },
      {
        "trust": 1.8,
        "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
      },
      {
        "trust": 1.7,
        "url": "http://www.sec-consult.com/287.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.sec-consult.com/fileadmin/advisories/20070314-0-apache_tomcat_directory_traversal.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
      },
      {
        "trust": 1.7,
        "url": "http://tomcat.apache.org/security-4.html"
      },
      {
        "trust": 1.7,
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "trust": 1.7,
        "url": "http://tomcat.apache.org/security-6.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25106"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0327.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25280"
      },
      {
        "trust": 1.7,
        "url": "http://docs.info.apple.com/article.html?artnum=306172"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0360.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26235"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26660"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/27037"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/2446"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:241"
      },
      {
        "trust": 1.7,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/28365"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html"
      },
      {
        "trust": 1.7,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/30908"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/30899"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/33668"
      },
      {
        "trust": 1.7,
        "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2009/0233"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/0975"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/3087"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/2732"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/3386"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2008/1979/references"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2008/0065"
      },
      {
        "trust": 1.7,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01178795"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10643"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0450"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/15884/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/15852/"
      },
      {
        "trust": 0.8,
        "url": "http://www.hardened-php.net/advisory-022005.php"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15861/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15862/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15895/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15883/"
      },
      {
        "trust": 0.8,
        "url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15855/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15810/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15872/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15922/"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
      },
      {
        "trust": 0.8,
        "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/14088"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2007/0975"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/32988"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0450"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0450"
      },
      {
        "trust": 0.3,
        "url": "http://tomcat.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/500412"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/481830"
      },
      {
        "trust": 0.3,
        "url": "msg://bugtraq/45f7f67f.8050403@sec-consult.com"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2007-0327.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2007-1069.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2449"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3386"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2450"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3382"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3385"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2090"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1358"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2450"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2090"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7195"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3385"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3386"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3382"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1355"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-7195"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2449"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/actualsalt/capstone-red-vs-blue-cysec-report"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/29739/"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/security/advisories/vmsa-2008-0002.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7196"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0128"
      },
      {
        "trust": 0.1,
        "url": "http://support.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3510"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1858"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3510"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0128"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3835"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1355"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1777"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3835"
      },
      {
        "trust": 0.1,
        "url": "http://support.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/privacy/"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1975"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1858"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/redirarticles?reqpage=search"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/legal/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-7196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1860"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/softwaredepot/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0774"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2872"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2756"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1887"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4577/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/project/showfiles.php?group_id=36679"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3004"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1003176"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1002434"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3004"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/resources/techresources/726"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-0450"
      },
      {
        "db": "BID",
        "id": "22960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      },
      {
        "db": "PACKETSTORM",
        "id": "56411"
      },
      {
        "db": "PACKETSTORM",
        "id": "74289"
      },
      {
        "db": "PACKETSTORM",
        "id": "59939"
      },
      {
        "db": "PACKETSTORM",
        "id": "61679"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "db": "PACKETSTORM",
        "id": "62402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0450"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-0450"
      },
      {
        "db": "BID",
        "id": "22960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      },
      {
        "db": "PACKETSTORM",
        "id": "56411"
      },
      {
        "db": "PACKETSTORM",
        "id": "74289"
      },
      {
        "db": "PACKETSTORM",
        "id": "59939"
      },
      {
        "db": "PACKETSTORM",
        "id": "61679"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "db": "PACKETSTORM",
        "id": "62402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0450"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-07-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "date": "2007-03-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2007-0450"
      },
      {
        "date": "2007-03-14T00:00:00",
        "db": "BID",
        "id": "22960"
      },
      {
        "date": "2007-04-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      },
      {
        "date": "2007-05-03T07:01:34",
        "db": "PACKETSTORM",
        "id": "56411"
      },
      {
        "date": "2009-01-27T23:27:39",
        "db": "PACKETSTORM",
        "id": "74289"
      },
      {
        "date": "2007-10-10T05:27:27",
        "db": "PACKETSTORM",
        "id": "59939"
      },
      {
        "date": "2007-12-11T01:29:29",
        "db": "PACKETSTORM",
        "id": "61679"
      },
      {
        "date": "2005-07-01T23:31:00",
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "date": "2008-01-08T16:58:51",
        "db": "PACKETSTORM",
        "id": "62402"
      },
      {
        "date": "2006-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-400"
      },
      {
        "date": "2007-03-16T22:19:00",
        "db": "NVD",
        "id": "CVE-2007-0450"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "date": "2019-04-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2007-0450"
      },
      {
        "date": "2010-08-05T20:45:00",
        "db": "BID",
        "id": "22960"
      },
      {
        "date": "2010-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000217"
      },
      {
        "date": "2023-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-400"
      },
      {
        "date": "2024-11-21T00:25:53.633000",
        "db": "NVD",
        "id": "CVE-2007-0450"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-400"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple PHP XML-RPC implementations vulnerable to code injection",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-400"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.