Executive Summary
Summary | |
---|---|
Title | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues |
Informations | |||
---|---|---|---|
Name | VMSA-2012-0005 | First vendor Publication | 2012-03-15 |
Vendor | VMware | Last vendor Modification | 2012-09-13 |
Severity (Vendor) | N/A | Revision | 3 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. VMware Tools Display Driver Privilege Escalation The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems. VMware would like to thank Tarjei Mandt for reporting theses issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues. Note: CVE-2012-1509 doesn't affect ESXi and ESX. b. vSphere Client internal browser input validation vulnerability The vSphere Client has an internal browser that renders html pages from log file entries. This browser doesn't properly sanitize input and may run script that is introduced into the log files. In order for the script to run, the user would need to open an individual, malicious log file entry. The script would run with the permissions of the user that runs the vSphere Client. VMware would like to thank Edward Torkington for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1512 to this issue. In order to remediate the issue, the vSphere Client of the vSphere 5.0 Update 1 release or the vSphere 4.1 Update 2 release needs to be installed. The vSphere Clients that come with vSphere 4.0 and vCenter Server 2.5 are not affected. c. vCenter Orchestrator Password Disclosure The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password. VMware would like to thank Alexey Sintsov from Digital Security Research Group for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1513 to this issue. c. vCenter Orchestrator Password Disclosure The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password. VMware would like to thank Alexey Sintsov from Digital Security Research Group for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1513 to this issue. d. vShield Manager Cross-Site Request Forgery vulnerability The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated request to the server. VMware would like to thank Frans Pehrson of Xxor AB (www.xxor.se) and Claudio Criscione for independently reporting this issue to us The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1514 to this issue. e. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30 Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0_29 and JRE 1.6.0_30 in the Oracle Java SE Critical Patch Update Advisory of October 2011. The References section provides a link to this advisory. f. vCenter Server Apache Tomcat update 6.0.35 Apache Tomcat has been updated to version 6.0.35 to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3190, CVE-2011-3375, CVE-2011-4858, and CVE-2012-0022 to these issues. g. ESXi update to third party component bzip2 The bzip2 library is updated to version 1.0.6, which resolves a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2012-0005.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
18 % | CWE-264 | Permissions, Privileges, and Access Controls |
18 % | CWE-200 | Information Exposure |
18 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
18 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
9 % | CWE-399 | Resource Management Errors |
9 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
9 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12643 | |||
Oval ID: | oval:org.mitre.oval:def:12643 | ||
Title: | DSA-2112-1 bzip2 -- integer overflow | ||
Description: | Mikolaj Izdebski has discovered an integer overflow flaw in the BZ2_decompress function in bzip2/libbz2. An attacker could use a crafted bz2 file to cause a denial of service or potentially to execute arbitrary code. After the upgrade, all running services that use libbz2 need to be restarted. This update also provides rebuilt dpkg packages, which are statically linked to the fixed version of libbz2. Updated packages for clamav, which is also affected by this issue, will be provided on debian-volatile. For the stable distribution, these problems have been fixed in version 1.0.4-1+lenny1. For the testing distribution and the unstable distribution, this problem in bzip2 will be fixed soon. Updated dpkg packages are not necessary for testing/unstable. We recommend that you upgrade your bzip2 / dpkg packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2112-1 CVE-2010-0405 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | bzip2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12990 | |||
Oval ID: | oval:org.mitre.oval:def:12990 | ||
Title: | USN-986-3 -- dpkg vulnerability | ||
Description: | USN-986-1 fixed vulnerabilities in bzip2. dpkg statically links against libbz2 and needed to be rebuilt to use the updated libbz2. Original advisory details: An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any application linked against libbz2 to crash or possibly execute code as the user running the program. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-986-3 CVE-2010-0405 | Version: | 7 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | dpkg |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13153 | |||
Oval ID: | oval:org.mitre.oval:def:13153 | ||
Title: | USN-986-1 -- bzip2 vulnerability | ||
Description: | An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any application linked against libbz2 to crash or possibly execute code as the user running the program. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-986-1 CVE-2010-0405 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | bzip2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14933 | |||
Oval ID: | oval:org.mitre.oval:def:14933 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-3190 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15018 | |||
Oval ID: | oval:org.mitre.oval:def:15018 | ||
Title: | USN-1359-1 -- Tomcat vulnerabilities | ||
Description: | tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information if it received specially crafted network traffic. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1359-1 CVE-2011-3375 CVE-2011-4858 CVE-2012-0022 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Tomcat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15309 | |||
Oval ID: | oval:org.mitre.oval:def:15309 | ||
Title: | DSA-2401-1 tomcat6 -- several | ||
Description: | Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. CVE-2011-2204 In rare setups passwords were written into a logfile. CVE-2011-2526 Missing input sanisiting in the HTTP APR or HTTP NIO connectors could lead to denial of service. CVE-2011-3190 AJP requests could be spoofed in some setups. CVE-2011-3375 Incorrect request caching could lead to information disclosure. CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2401-1 CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | tomcat6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15435 | |||
Oval ID: | oval:org.mitre.oval:def:15435 | ||
Title: | USN-1252-1 -- Tomcat vulnerabilities | ||
Description: | tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information over the network. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1252-1 CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Tomcat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16925 | |||
Oval ID: | oval:org.mitre.oval:def:16925 | ||
Title: | Vulnerability in the Management Pack for Oracle GoldenGate Server. Supported versions that are affected are 11.1.1.1.0. Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata | ||
Description: | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0022 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Oracle GoldenGate Director Oracle GoldenGate Veridata |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17151 | |||
Oval ID: | oval:org.mitre.oval:def:17151 | ||
Title: | VMware Tools Display Driver Privilege Escalation | ||
Description: | Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1509 | Version: | 4 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VMware View VMware Workstation VMware Player |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17183 | |||
Oval ID: | oval:org.mitre.oval:def:17183 | ||
Title: | VMware Tools Display Driver Privilege Escalation | ||
Description: | The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1508 | Version: | 4 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VMware View VMware Workstation VMware Player |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17258 | |||
Oval ID: | oval:org.mitre.oval:def:17258 | ||
Title: | VMware Tools Display Driver Privilege Escalation | ||
Description: | Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1510 | Version: | 4 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VMware View VMware Workstation VMware Player |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18886 | |||
Oval ID: | oval:org.mitre.oval:def:18886 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-4858 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18934 | |||
Oval ID: | oval:org.mitre.oval:def:18934 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-0022 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19465 | |||
Oval ID: | oval:org.mitre.oval:def:19465 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-3190 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20252 | |||
Oval ID: | oval:org.mitre.oval:def:20252 | ||
Title: | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues | ||
Description: | Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-1510 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20278 | |||
Oval ID: | oval:org.mitre.oval:def:20278 | ||
Title: | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues | ||
Description: | Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-1509 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20494 | |||
Oval ID: | oval:org.mitre.oval:def:20494 | ||
Title: | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues | ||
Description: | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-0022 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20594 | |||
Oval ID: | oval:org.mitre.oval:def:20594 | ||
Title: | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues | ||
Description: | The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-1508 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20657 | |||
Oval ID: | oval:org.mitre.oval:def:20657 | ||
Title: | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues | ||
Description: | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-3190 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20659 | |||
Oval ID: | oval:org.mitre.oval:def:20659 | ||
Title: | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues | ||
Description: | Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-3375 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21312 | |||
Oval ID: | oval:org.mitre.oval:def:21312 | ||
Title: | RHSA-2012:0475: tomcat6 security update (Moderate) | ||
Description: | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0475-03 CESA-2012:0475 CVE-2011-4858 CVE-2012-0022 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22042 | |||
Oval ID: | oval:org.mitre.oval:def:22042 | ||
Title: | RHSA-2010:0703: bzip2 security update (Important) | ||
Description: | Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0703-01 CESA-2010:0703 CVE-2010-0405 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | bzip2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22360 | |||
Oval ID: | oval:org.mitre.oval:def:22360 | ||
Title: | RHSA-2010:0858: bzip2 security update (Important) | ||
Description: | Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0858-03 CVE-2010-0405 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | bzip2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23011 | |||
Oval ID: | oval:org.mitre.oval:def:23011 | ||
Title: | ELSA-2010:0858: bzip2 security update (Important) | ||
Description: | Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0858-03 CVE-2010-0405 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | bzip2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23138 | |||
Oval ID: | oval:org.mitre.oval:def:23138 | ||
Title: | ELSA-2010:0703: bzip2 security update (Important) | ||
Description: | Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0703-01 CVE-2010-0405 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | bzip2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23745 | |||
Oval ID: | oval:org.mitre.oval:def:23745 | ||
Title: | ELSA-2012:0475: tomcat6 security update (Moderate) | ||
Description: | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0475-03 CVE-2011-4858 CVE-2012-0022 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25819 | |||
Oval ID: | oval:org.mitre.oval:def:25819 | ||
Title: | SUSE-SU-2013:1374-1 -- Security update for tomcat6 | ||
Description: | This update of tomcat6 fixes: * apache-tomcat-CVE-2012-3544.patch (bnc#831119) * use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976) * Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 <http://youtrack.jetbrains.com/issue/JT-18545> ) bnc#804992 (patch from m407) * fix a typo in initscript (bnc#768772 ) * copy all shell scripts (bnc#818948) | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1374-1 CVE-2012-3544 CVE-2013-1976 CVE-2012-0022 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27374 | |||
Oval ID: | oval:org.mitre.oval:def:27374 | ||
Title: | DEPRECATED: ELSA-2012-0475 -- tomcat6 security update (moderate) | ||
Description: | [0:6.0.24-36] - Resolves: CVE-2012-0022 regression. Changes made to patch file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0475 CVE-2011-4858 CVE-2012-0022 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28095 | |||
Oval ID: | oval:org.mitre.oval:def:28095 | ||
Title: | DEPRECATED: ELSA-2010-0858 -- bzip2 security update (important) | ||
Description: | [1.0.5-7] - Resolves: #632268 integer overflow flaw in BZ2_decompress - CVE-2010-0405 (upstream patch) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0858 CVE-2010-0405 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | bzip2 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2012-01-03 | PHP Hash Table Collision Proof Of Concept |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl |
2012-08-03 | Name : Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5) File : nvt/gb_mandriva_MDVSA_2012_085.nasl |
2012-07-30 | Name : CentOS Update for tomcat6 CESA-2011:1780 centos6 File : nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl |
2012-07-30 | Name : CentOS Update for tomcat5 CESA-2012:0474 centos5 File : nvt/gb_CESA-2012_0474_tomcat5_centos5.nasl |
2012-07-30 | Name : CentOS Update for tomcat6 CESA-2012:0475 centos6 File : nvt/gb_CESA-2012_0475_tomcat6_centos6.nasl |
2012-07-09 | Name : RedHat Update for tomcat6 RHSA-2012:0475-01 File : nvt/gb_RHSA-2012_0475-01_tomcat6.nasl |
2012-07-09 | Name : RedHat Update for tomcat6 RHSA-2011:1780-01 File : nvt/gb_RHSA-2011_1780-01_tomcat6.nasl |
2012-04-13 | Name : RedHat Update for tomcat5 RHSA-2012:0474-01 File : nvt/gb_RHSA-2012_0474-01_tomcat5.nasl |
2012-04-02 | Name : Fedora Update for tomcat6 FEDORA-2011-13426 File : nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl |
2012-03-16 | Name : VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, ... File : nvt/gb_VMSA-2012-0005.nasl |
2012-02-21 | Name : Ubuntu Update for tomcat6 USN-1359-1 File : nvt/gb_ubuntu_USN_1359_1.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2401-1 (tomcat6) File : nvt/deb_2401_1.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-20 (Clam AntiVirus) File : nvt/glsa_201110_20.nasl |
2012-02-12 | Name : FreeBSD Ports: tomcat File : nvt/freebsd_tomcat0.nasl |
2012-01-20 | Name : Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win) File : nvt/gb_apache_tomcat_parameter_handling_dos_vuln_win.nasl |
2012-01-20 | Name : Apache Tomcat Request Object Security Bypass Vulnerability (Win) File : nvt/gb_apache_tomcat_req_object_sec_bypass_vuln_win.nasl |
2012-01-12 | Name : Apache Tomcat Hash Collision Denial Of Service Vulnerability File : nvt/gb_apache_tomcat_hash_collision_dos_vuln_win.nasl |
2011-11-11 | Name : Fedora Update for tomcat6 FEDORA-2011-15005 File : nvt/gb_fedora_2011_15005_tomcat6_fc15.nasl |
2011-11-11 | Name : Ubuntu Update for tomcat6 USN-1252-1 File : nvt/gb_ubuntu_USN_1252_1.nasl |
2011-10-21 | Name : Fedora Update for tomcat6 FEDORA-2011-13456 File : nvt/gb_fedora_2011_13456_tomcat6_fc15.nasl |
2011-10-21 | Name : Fedora Update for tomcat6 FEDORA-2011-13457 File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl |
2011-10-21 | Name : Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5) File : nvt/gb_mandriva_MDVSA_2011_156.nasl |
2011-09-08 | Name : Apache Tomcat AJP Protocol Security Bypass Vulnerability File : nvt/gb_tomcat_49353.nasl |
2011-08-26 | Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001) File : nvt/secpod_macosx_su11-001.nasl |
2011-08-09 | Name : CentOS Update for bzip2 CESA-2010:0703 centos5 i386 File : nvt/gb_CESA-2010_0703_bzip2_centos5_i386.nasl |
2011-03-15 | Name : Fedora Update for clamav FEDORA-2011-2741 File : nvt/gb_fedora_2011_2741_clamav_fc13.nasl |
2010-12-28 | Name : Fedora Update for clamav FEDORA-2010-18564 File : nvt/gb_fedora_2010_18564_clamav_fc13.nasl |
2010-12-02 | Name : Fedora Update for bzip2 FEDORA-2010-15125 File : nvt/gb_fedora_2010_15125_bzip2_fc12.nasl |
2010-12-02 | Name : Fedora Update for clamav FEDORA-2010-15443 File : nvt/gb_fedora_2010_15443_clamav_fc14.nasl |
2010-12-02 | Name : Fedora Update for bzip2 FEDORA-2010-15106 File : nvt/gb_fedora_2010_15106_bzip2_fc14.nasl |
2010-11-23 | Name : Fedora Update for clamav FEDORA-2010-17439 File : nvt/gb_fedora_2010_17439_clamav_fc13.nasl |
2010-11-17 | Name : FreeBSD Ports: bzip2 File : nvt/freebsd_bzip21.nasl |
2010-10-10 | Name : FreeBSD Security Advisory (FreeBSD-SA-10:08.bzip2.asc) File : nvt/freebsdsa_bzip21.nasl |
2010-10-01 | Name : Fedora Update for bzip2 FEDORA-2010-15120 File : nvt/gb_fedora_2010_15120_bzip2_fc13.nasl |
2010-09-27 | Name : CentOS Update for bzip2 CESA-2010:0703 centos4 i386 File : nvt/gb_CESA-2010_0703_bzip2_centos4_i386.nasl |
2010-09-27 | Name : CentOS Update for bzip2 CESA-2010:0703 centos3 i386 File : nvt/gb_CESA-2010_0703_bzip2_centos3_i386.nasl |
2010-09-22 | Name : Mandriva Update for bzip2 MDVSA-2010:185 (bzip2) File : nvt/gb_mandriva_MDVSA_2010_185.nasl |
2010-09-22 | Name : RedHat Update for bzip2 RHSA-2010:0703-01 File : nvt/gb_RHSA-2010_0703-01_bzip2.nasl |
2010-09-22 | Name : Ubuntu Update for bzip2 vulnerability USN-986-1 File : nvt/gb_ubuntu_USN_986_1.nasl |
2010-09-22 | Name : Ubuntu Update for clamav vulnerability USN-986-2 File : nvt/gb_ubuntu_USN_986_2.nasl |
2010-09-22 | Name : Ubuntu Update for dpkg vulnerability USN-986-3 File : nvt/gb_ubuntu_USN_986_3.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-263-01 bzip2 File : nvt/esoft_slk_ssa_2010_263_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78573 | Apache Tomcat CPU Consumption Parameter Saturation Remote DoS |
78483 | Hitachi Cosminexus Multiple Product Hash Collission Form Parameter Parsing Re... Multiple Hitachi Cosminexus products contain a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption. |
78331 | Apache Tomcat Request Object Recycling Information Disclosure |
78113 | Apache Tomcat Hash Collission Form Parameter Parsing Remote DoS Apache Tomcat contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption. |
74818 | Apache Tomcat AJP Message Injection Authentication Bypass Apache Tomcat contains a flaw related to the processing of certain requests. The issue is triggered when a remote attacker injects arbitrary AJP messages. This may disclose sensitive information to an attacker or allow them to bypass authentication. |
68167 | bzip2 decompress.c BZ_decompress Function Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-11-21 | IAVM : 2013-A-0219 - Multiple Vulnerabilities in Juniper Networks and Security Manager Severity : Category I - VMSKEY : V0042384 |
2012-03-29 | IAVM : 2012-A-0045 - VMWare ESX 4.0 and ESXi 4.0 Display Driver Buffer Overflow Vulnerability Severity : Category I - VMSKEY : V0031898 |
2012-03-29 | IAVM : 2012-A-0046 - VMWare ESX 4.1 and ESXi 4.1 Display Driver Buffer Overflow Vulnerabilities Severity : Category I - VMSKEY : V0031899 |
2012-03-29 | IAVM : 2012-A-0048 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.0 Severity : Category I - VMSKEY : V0031901 |
2012-03-29 | IAVM : 2012-A-0049 - Multiple Vulnerabilities in VMware View Severity : Category I - VMSKEY : V0031902 |
2012-03-29 | IAVM : 2012-B-0034 - VMware vCenter Orchestrator Password Disclosure Vulnerability Severity : Category I - VMSKEY : V0031904 |
2012-03-29 | IAVM : 2012-B-0036 - VMware vShield Manager Cross-site Request Forgery Vulnerability Severity : Category II - VMSKEY : V0031906 |
2010-09-23 | IAVM : 2010-B-0083 - Bzip2 Remote Integer Overflow Vulnerability Severity : Category II - VMSKEY : V0025411 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0005_remote.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20120405.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20120404.nasl - Type : ACT_GATHER_INFO |
2014-11-27 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15878.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0682.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0680.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-120109.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-110916.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-120109.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110916.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_bzip2-100921.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-129.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_2012_2_r5.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_608089_remote.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-25.nasl - Type : ACT_GATHER_INFO |
2013-08-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_tomcat6-130802.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0475.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0474.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0703.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0858.nasl - Type : ACT_GATHER_INFO |
2013-06-05 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2012-0005.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0074.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote host has a virtual desktop solution that is potentially affected b... File : vmware_view_multiple_vmsa_2012_0004.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-05.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120411_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120411_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111205_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_bzip2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100920_bzip2_on_SL3_x__SL4_x__SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO |
2012-05-31 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-085.nasl - Type : ACT_GATHER_INFO |
2012-04-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0475.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0474.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0475.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0474.nasl - Type : ACT_GATHER_INFO |
2012-03-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1359-1.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7933.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2401.nasl - Type : ACT_GATHER_INFO |
2012-01-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7f5ccb1d439b11e1bc160023ae8e59f0.nasl - Type : ACT_GATHER_INFO |
2012-01-13 | Name : The remote web server is affected by a denial of service vulnerability File : tomcat_5_5_35.nasl - Type : ACT_GATHER_INFO |
2012-01-13 | Name : The remote web server is affected by a denial of service vulnerability. File : tomcat_7_0_23.nasl - Type : ACT_GATHER_INFO |
2011-12-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7756.nasl - Type : ACT_GATHER_INFO |
2011-12-12 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_7_0_22.nasl - Type : ACT_GATHER_INFO |
2011-12-12 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_35.nasl - Type : ACT_GATHER_INFO |
2011-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1252-1.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-20.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7755.nasl - Type : ACT_GATHER_INFO |
2011-10-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO |
2011-10-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13456.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13426.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-156.nasl - Type : ACT_GATHER_INFO |
2011-09-26 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_5_5_34.nasl - Type : ACT_GATHER_INFO |
2011-09-02 | Name : The remote web server is affected by an authentication bypass vulnerability t... File : tomcat_7_0_21.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-001.nasl - Type : ACT_GATHER_INFO |
2010-12-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18564.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_bzip2-100916.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15125.nasl - Type : ACT_GATHER_INFO |
2010-11-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17439.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0858.nasl - Type : ACT_GATHER_INFO |
2010-10-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_0ddb57a9da204e99b0484366092f3d31.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_bzip2-7169.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12645.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_bzip2-100921.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_bzip2-100921.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15443.nasl - Type : ACT_GATHER_INFO |
2010-10-05 | Name : The remote antivirus service is affected by multiple vulnerabilities. File : clamav_0_96_3.nasl - Type : ACT_GATHER_INFO |
2010-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15120.nasl - Type : ACT_GATHER_INFO |
2010-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15106.nasl - Type : ACT_GATHER_INFO |
2010-09-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0703.nasl - Type : ACT_GATHER_INFO |
2010-09-21 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-263-01.nasl - Type : ACT_GATHER_INFO |
2010-09-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2112.nasl - Type : ACT_GATHER_INFO |
2010-09-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-185.nasl - Type : ACT_GATHER_INFO |
2010-09-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-986-3.nasl - Type : ACT_GATHER_INFO |
2010-09-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-986-2.nasl - Type : ACT_GATHER_INFO |
2010-09-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-986-1.nasl - Type : ACT_GATHER_INFO |
2010-09-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0703.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-03-04 13:26:25 |
|
2014-02-17 12:07:22 |
|
2013-11-15 13:24:18 |
|
2013-11-11 12:41:40 |
|
2013-05-11 00:56:46 |
|