Details of VAR-201102-0280

ID

VAR-201102-0280

CVE

CVE-2010-4476

TITLE

IBM Lotus vulnerable to denial-of-service (DoS)

Trust: 0.8

sources: JVNDB: JVNDB-2011-000018

DESCRIPTION

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: " For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."A remote attacker may cause a denial-of-service (DoS). plural Oracle Product Java Runtime Environment Components include Java language and APIs There are vulnerabilities that affect availability due to flaws in the handling of.Service disruption by a third party (DoS) An attack may be carried out. References: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-4858, CVE-2012-0022, CVE-2012-5885. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. This tool can be used to update all versions of HP-UX Java. To download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool Note: Before running the FPUpdater tool set the shell environment variable JRE_HOME as follows: For HP-UX, Linux, Solaris - /opt/OV/jre/jreActive For Windows - {install_dir} \jre\jreActive MANUAL ACTIONS: Yes - Update Update using FPUpdater PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: IcedTea JDK: Multiple vulnerabilities Date: June 29, 2014 Bugs: #312297, #330205, #340819, #346799, #352035, #353418, #354231, #355127, #370787, #387637, #404095, #421031, #429522, #433389, #438750, #442478, #457206, #458410, #461714, #466822, #477210, #489570, #508270 ID: 201406-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Background ========== IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3 Description =========== Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All IcedTea JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3" References ========== [ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2010-2548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548 [ 3 ] CVE-2010-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783 [ 4 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 5 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 6 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 7 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 8 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 9 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 10 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 11 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 12 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 13 ] CVE-2010-3564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564 [ 14 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 15 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 16 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 17 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 18 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 19 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 20 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 21 ] CVE-2010-3860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860 [ 22 ] CVE-2010-4351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351 [ 23 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 24 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 25 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 26 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 27 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 28 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 29 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 30 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 31 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 32 ] CVE-2011-0025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025 [ 33 ] CVE-2011-0706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706 [ 34 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 35 ] CVE-2011-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822 [ 36 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 37 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 38 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 39 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 40 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 41 ] CVE-2011-0870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870 [ 42 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 43 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 44 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 45 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 46 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 47 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 48 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 49 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 50 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 51 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 52 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 53 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 54 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 55 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 56 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 57 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 58 ] CVE-2011-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571 [ 59 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 60 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 61 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 62 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 63 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 64 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 65 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 66 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 67 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 68 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 69 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 70 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 71 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 72 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 73 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 74 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 75 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 76 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 77 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 78 ] CVE-2012-3422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422 [ 79 ] CVE-2012-3423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423 [ 80 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 81 ] CVE-2012-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540 [ 82 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 83 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 84 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 85 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 86 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 87 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 88 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 89 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 90 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 91 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 92 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 93 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 94 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 95 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 96 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 97 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 98 ] CVE-2012-5979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979 [ 99 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 100 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 101 ] CVE-2013-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424 [ 102 ] CVE-2013-0425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425 [ 103 ] CVE-2013-0426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426 [ 104 ] CVE-2013-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427 [ 105 ] CVE-2013-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428 [ 106 ] CVE-2013-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429 [ 107 ] CVE-2013-0431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431 [ 108 ] CVE-2013-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432 [ 109 ] CVE-2013-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433 [ 110 ] CVE-2013-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434 [ 111 ] CVE-2013-0435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435 [ 112 ] CVE-2013-0440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440 [ 113 ] CVE-2013-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441 [ 114 ] CVE-2013-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442 [ 115 ] CVE-2013-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443 [ 116 ] CVE-2013-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444 [ 117 ] CVE-2013-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450 [ 118 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 119 ] CVE-2013-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475 [ 120 ] CVE-2013-1476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476 [ 121 ] CVE-2013-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478 [ 122 ] CVE-2013-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480 [ 123 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 124 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 125 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 126 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 127 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 128 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 129 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 130 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 131 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 132 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 133 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 134 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 135 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 136 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 137 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 138 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 139 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 140 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 141 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 142 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 143 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 144 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 145 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 146 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 147 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 148 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 149 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 150 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 151 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 152 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 153 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 154 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 155 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 156 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 157 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 158 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 159 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 160 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 161 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 162 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 163 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 164 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 165 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 166 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 167 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 168 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 169 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 170 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 171 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 172 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 173 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 174 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 175 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 176 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 177 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 178 ] CVE-2013-4002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002 [ 179 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 180 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 181 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 182 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 183 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 184 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 185 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 186 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 187 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 188 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 189 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 190 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 191 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 192 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 193 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 194 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 195 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 196 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 197 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 198 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 199 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 200 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 201 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 202 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 203 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 204 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 205 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 206 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 207 ] CVE-2013-6629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629 [ 208 ] CVE-2013-6954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954 [ 209 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 210 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 211 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 212 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 213 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 214 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 215 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 216 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 217 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 218 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 219 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 220 ] CVE-2014-1876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876 [ 221 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 222 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 223 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 224 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 225 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 226 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 227 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 228 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-32.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-1079-2 March 15, 2011 openjdk-6b18 vulnerabilities CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: icedtea6-plugin 6b18-1.8.7-0ubuntu1~9.10.1 openjdk-6-jre 6b18-1.8.7-0ubuntu1~9.10.1 openjdk-6-jre-headless 6b18-1.8.7-0ubuntu1~9.10.1 Ubuntu 10.04 LTS: icedtea6-plugin 6b18-1.8.7-0ubuntu1~10.04.2 openjdk-6-jre 6b18-1.8.7-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b18-1.8.7-0ubuntu1~10.04.2 After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes. Details follow: USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel (ARM) architectures. In order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04 LTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu 10.04 LTS updates. Original advisory details: It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448) It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450) It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465) It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469) It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470) It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471) It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472) Konstantin Prei\xdfer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476) It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706) Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~9.10.1.diff.gz Size/MD5: 146232 31c9fd1c87f901507dec909a87d40589 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~9.10.1.dsc Size/MD5: 3009 13ad66a10ac1cb3698ec20d1d214a626 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb Size/MD5: 369758 6c4489efb438728ec430f7fe9c560a24 http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb Size/MD5: 75714 7d6bcfe18707892e7aebe836cff565db http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb Size/MD5: 84965722 3bd57de4c9b80d33e545cd1e9c9492e9 http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb Size/MD5: 1544602 d3689556c3354209f1ac402f2ebde500 http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb Size/MD5: 9107834 c31913d1c41bc826021784ea9c99cfb5 http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb Size/MD5: 29720800 eff015c81953c6d7384706d14d97a896 http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb Size/MD5: 255212 d01547c3c8ea7991c8417718e0d9031b http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb Size/MD5: 4853678 3da0193b13769aff3f13c3946ac145a5 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~10.04.2.diff.gz Size/MD5: 146294 ed4b09749d16004b52b0488c8191eb3f http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~10.04.2.dsc Size/MD5: 3062 5edaf7e9dbd70b79868927f2debafc6c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb Size/MD5: 346450 a68c38540eabb97715893feecb295fb0 http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb Size/MD5: 73856 8afdfac50e3431dbc7330f8b84ecf37b http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb Size/MD5: 41237528 13b2864e53bea1395ec4ee19a724fc98 http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb Size/MD5: 1525192 cf0e7f1013fa1f88134d288246dfa078 http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb Size/MD5: 9101442 a22e6ec0af97c5b2a2dc2dc71650a863 http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb Size/MD5: 29512754 7e8283f159bbbad2ea5939c78db8bd6a http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb Size/MD5: 245384 1ea80079241fe9ce65c39f6768ab842b . ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. The vulnerability is caused due to an error in the "doubleValue()" method in FloatingDecimal.java when converting "2.2250738585072012e-308" from a string type to a double precision binary floating point and can be exploited to cause an infinite loop. The vulnerability is reported in the following products: * Sun JDK and JRE 6 Update 23 and prior. * Sun JDK 5.0 Update 27 and prior. * Sun SDK 1.4.2_29 and prior. SOLUTION: Apply patch via the FPUpdater tool. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02822093 Version: 1 HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-05-05 Last Updated: 2011-05-05 Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential vulnerability has been identified with HP OpenVMS running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). References: CVE-2010-4476 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenVMS running J2SE 1.42 on Alpha platforms: v 1.42-9 and earlier. HP OpenVMS running J2SE 1.42 on I64 platforms: v 1.42-6 and earlier. HP OpenVMS running J2SE 5.0 on Alpha platforms: v 1.50-7 and earlier. HP OpenVMS running J2SE 5.0 on I64 platforms: v 1.50-6 and earlier. HP OpenVMS running Java SE 6 on Alpha and I64 platforms: v 6.0-2 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software tool available to resolve the vulnerability. The FPUpdater tool (Floating Point Updater) must be run to update the Java Development Kit (JDK) and/or the Java Runtime Environment (JRE) for Java v 1.4-x, v 5.0-x, and v 6.0-x. To download the FPUpdater tool, go to http://h18012.www1.hp.com/java/alpha/fpupdater_index.html HISTORY Version:1 (rev.1) - 5 May 2011 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk3C8qwACgkQ4B86/C0qfVkgSwCdErQezT2ZMSfx61jDn8lgarYF hCgAoMpFi1D/6TkGP5C1KwKiMsbNUM0A =KFeW -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apache Tomcat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43198 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43198 RELEASE DATE: 2011-02-07 DISCUSS ADVISORY: http://secunia.com/advisories/43198/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43198/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43198 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) An error due to the "ServletContect" attribute improperly being restricted to read-only when running under a SecurityManager can be exploited by a malicious web application to use an arbitrary working directory with read-write privileges. 2) Certain input (e.g. display names) is not properly sanitised in the HTML Manager interface before being returned to the user. 3) An error within the JVM when accessing a page that calls "javax.servlet.ServletRequest.getLocale()" or "javax.servlet.ServletRequest.getLocales()" functions can be exploited to cause the process to hang via a web request containing specially crafted headers (e.g. "Accept-Language"). This vulnerability is reported in versions prior to 5.5.33. PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Konstantin Preiber ORIGINAL ADVISORY: Apache Tomcat: http://tomcat.apache.org/security-5.html http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html Konstantin Preiber: http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.5

sources: NVD: CVE-2010-4476 // JVNDB: JVNDB-2011-000018 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-000016 // JVNDB: JVNDB-2011-001185 // VULMON: CVE-2010-4476 // PACKETSTORM: 121037 // PACKETSTORM: 99083 // PACKETSTORM: 127267 // PACKETSTORM: 99338 // PACKETSTORM: 98322 // PACKETSTORM: 101245 // PACKETSTORM: 98186

AFFECTED PRODUCTS

vendor:	hewlett packard l p	model:	hp systems insight manager	scope:	eq	version:	prior to v7.0	Trust: 2.4
vendor:	sun	model:	jre	scope:	eq	version:	1.5.0	Trust: 1.6
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_25	Trust: 1.0
vendor:	sun	model:	sdk	scope:	lte	version:	1.4.2_29	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_2	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_3	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_22	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_23	Trust: 1.0
vendor:	sun	model:	jdk	scope:	eq	version:	1.5.0	Trust: 1.0
vendor:	sun	model:	jdk	scope:	lte	version:	1.6.0	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_5	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_24	Trust: 1.0
vendor:	sun	model:	jre	scope:	lte	version:	1.5.0	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_13	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_15	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_18	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_10	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_1	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_8	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_19	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_16	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_4	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_6	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_26	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_21	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_7	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_17	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_25	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_3	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_11	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_12	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_22	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_9	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_27	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_28	Trust: 1.0
vendor:	sun	model:	jdk	scope:	lte	version:	1.5.0	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_23	Trust: 1.0
vendor:	sun	model:	jre	scope:	lte	version:	1.4.2_29	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_14	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_13	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_10	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_15	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_8	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_20	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_6	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_26	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_19	Trust: 1.0
vendor:	sun	model:	jdk	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_21	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_5	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_24	Trust: 1.0
vendor:	sun	model:	jre	scope:	lte	version:	1.6.0	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_9	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_02	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_27	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_1	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_16	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_4	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_18	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_28	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_14	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_7	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_12	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_11	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_20	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_17	Trust: 1.0
vendor:	ibm	model:	forms	scope:	eq	version:	4.0, 3.5	Trust: 0.8
vendor:	ibm	model:	lotus expeditor	scope:	eq	version:	6.2	Trust: 0.8
vendor:	ibm	model:	lotus quickr	scope:	eq	version:	for websphere portal 8.5, 8.1, 8.0	Trust: 0.8
vendor:	ibm	model:	mashup center	scope:	eq	version:	3.0, 2.0, 1.1, 1.0	Trust: 0.8
vendor:	ibm	model:	websphere dashboard framework	scope:	eq	version:	6.1, 6.0	Trust: 0.8
vendor:	ibm	model:	lotus activeinsight	scope:	eq	version:	6.1, 6.0	Trust: 0.8
vendor:	ibm	model:	lotus connections	scope:	eq	version:	3.0, 2.5, 2.0, 1.0	Trust: 0.8
vendor:	ibm	model:	lotus mashups	scope:	eq	version:	3.0, 2.0, 1.1, 1.0	Trust: 0.8
vendor:	ibm	model:	lotus sametime advanced	scope:	eq	version:	8.0	Trust: 0.8
vendor:	ibm	model:	lotus sametime standard	scope:	eq	version:	8.5	Trust: 0.8
vendor:	ibm	model:	lotus sametime unified telephony	scope:	eq	version:	8.5.1, 8.0	Trust: 0.8
vendor:	ibm	model:	lotus web content management	scope:	eq	version:	7.0, 6.1	Trust: 0.8
vendor:	ibm	model:	lotus workforce management	scope:	eq	version:	6.1	Trust: 0.8
vendor:	ibm	model:	websphere portlet factory	scope:	eq	version:	7.0, 6.1	Trust: 0.8
vendor:	ibm	model:	workplace web content management	scope:	eq	version:	6.0	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	to v6.0 to v6.0.2.43	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	to v6.1 to v6.1.0.35	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	to v7.0 to v7.0.0.13	Trust: 0.8
vendor:	ibm	model:	db2	scope:	eq	version:	for linux, unix, and windows version 9.1 fp0 to fp10	Trust: 0.8
vendor:	ibm	model:	db2	scope:	eq	version:	for linux, unix, and windows version 9.5 fp0 to fp7	Trust: 0.8
vendor:	ibm	model:	db2	scope:	eq	version:	for linux, unix, and windows version 9.7 fp0 to fp3a	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	v6.0 to v6.0.2.43	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	v6.1 to v6.1.0.35	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	v7.0 to v7.0.0.13	Trust: 0.8
vendor:	vmware	model:	esx	scope:	eq	version:	3.0.3	Trust: 0.8
vendor:	vmware	model:	esx	scope:	eq	version:	3.5	Trust: 0.8
vendor:	vmware	model:	esx	scope:	eq	version:	4.0	Trust: 0.8
vendor:	vmware	model:	esx	scope:	eq	version:	4.1	Trust: 0.8
vendor:	vmware	model:	esxi	scope:	-	version:	-	Trust: 0.8
vendor:	vmware	model:	vcenter	scope:	eq	version:	4.0 (windows)	Trust: 0.8
vendor:	vmware	model:	vcenter	scope:	eq	version:	4.1 (windows)	Trust: 0.8
vendor:	vmware	model:	vcenter	scope:	eq	version:	5.0 (windows)	Trust: 0.8
vendor:	vmware	model:	virtualcenter	scope:	eq	version:	2.5 (windows)	Trust: 0.8
vendor:	vmware	model:	vsphere update manager	scope:	eq	version:	4.0 (windows)	Trust: 0.8
vendor:	vmware	model:	vsphere update manager	scope:	eq	version:	4.1 (windows)	Trust: 0.8
vendor:	vmware	model:	vsphere update manager	scope:	eq	version:	5.0 (windows)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6.6	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6.6	Trust: 0.8
vendor:	oracle	model:	iplanet web server	scope:	eq	version:	6.1	Trust: 0.8
vendor:	oracle	model:	iplanet web server	scope:	eq	version:	7.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86-64)	Trust: 0.8
vendor:	sun microsystems	model:	jdk	scope:	lte	version:	5.0 update 27	Trust: 0.8
vendor:	sun microsystems	model:	jdk	scope:	lte	version:	6 update 23	Trust: 0.8
vendor:	sun microsystems	model:	jre	scope:	lte	version:	1.4.2_29	Trust: 0.8
vendor:	sun microsystems	model:	jre	scope:	lte	version:	5.0 update 27	Trust: 0.8
vendor:	sun microsystems	model:	jre	scope:	lte	version:	6 update 23	Trust: 0.8
vendor:	sun microsystems	model:	sdk	scope:	lte	version:	1.4.2_29	Trust: 0.8
vendor:	hewlett packard	model:	hp systems insight manager	scope:	lt	version:	7.0	Trust: 0.8
vendor:	hewlett packard	model:	hp tru64 unix	scope:	lte	version:	running j2se v 1.42-9	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.11	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23 (ia)	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23 (pa)	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.31	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux tomcat-based servlet engine	scope:	eq	version:	5.5.30.04	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	5.0 (client)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux extras	scope:	eq	version:	4 extras	Trust: 0.8
vendor:	red hat	model:	enterprise linux extras	scope:	eq	version:	4.8.z extras	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node supplementary	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux server supplementary	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation supplementary	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	rhel desktop supplementary	scope:	eq	version:	5 (client)	Trust: 0.8
vendor:	red hat	model:	rhel desktop supplementary	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	rhel desktop workstation	scope:	eq	version:	5 (client)	Trust: 0.8
vendor:	red hat	model:	rhel supplementary	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	nec	model:	systemdirector enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server	scope:	eq	version:	enterprise version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server	scope:	eq	version:	standard version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server	scope:	eq	version:	version 5	Trust: 0.8
vendor:	hitachi	model:	cosminexus client	scope:	eq	version:	version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus collaboration	scope:	eq	version:	- server	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	light version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	professional version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	standard version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	version 5	Trust: 0.8
vendor:	hitachi	model:	cosminexus server	scope:	eq	version:	- standard edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus server	scope:	eq	version:	- web edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	- standard edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	- web edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	version 5	Trust: 0.8
vendor:	hitachi	model:	groupmax collaboration	scope:	eq	version:	- server	Trust: 0.8
vendor:	hitachi	model:	hirdb realtime monitor	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	developer's kit for java	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	device manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	global link manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	it operations analyzer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	it operations director	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	provisioning manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	replication manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	tiered storage manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	tuning manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/automatic job management system 2	scope:	eq	version:	- web operation assistant( english edition )	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/automatic job management system 2	scope:	eq	version:	- web operation assistant/ex( english edition )	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/automatic job management system 3	scope:	eq	version:	- web operation assistant( english edition )	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/performance management - web console	scope:	eq	version:	( overseas edition )	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic job management system 2	scope:	eq	version:	- web operation assistant	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic job management system 3	scope:	eq	version:	- web operation assistant	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	i	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	i advanced	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	starter edition 250	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	starter edition enterprise	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/snmp system observer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand device manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand global link availability manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand provisioning manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand replication monitor	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand tiered storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand tuning manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/integrated management	scope:	eq	version:	- service support	Trust: 0.8
vendor:	hitachi	model:	jp1/it resource management	scope:	eq	version:	- manager	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- web console	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- web console( overseas edition )	Trust: 0.8
vendor:	hitachi	model:	jp1/serverconductor/control manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	processing kit for xml	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	enterprise	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	standard	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	standard-r	Trust: 0.8
vendor:	hitachi	model:	ucosminexus client	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus collaboration	scope:	eq	version:	- server	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	light	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	standard	Trust: 0.8
vendor:	hitachi	model:	ucosminexus navigation	scope:	eq	version:	developer	Trust: 0.8
vendor:	hitachi	model:	ucosminexus navigation	scope:	eq	version:	platform	Trust: 0.8
vendor:	hitachi	model:	ucosminexus navigation	scope:	eq	version:	platform - authoring license	Trust: 0.8
vendor:	hitachi	model:	ucosminexus navigation	scope:	eq	version:	platform - user license	Trust: 0.8
vendor:	hitachi	model:	ucosminexus operator	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus portal framework	scope:	eq	version:	entry set	Trust: 0.8
vendor:	hitachi	model:	ucosminexus reporting base	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service	scope:	eq	version:	architect	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service	scope:	eq	version:	platform	Trust: 0.8
vendor:	hitachi	model:	ucosminexus stream data platform	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	ucosminexus stream data platform	scope:	eq	version:	- application framework	Trust: 0.8
vendor:	hitachi	model:	electronic form workflow	scope:	eq	version:	standard set	Trust: 0.8
vendor:	hitachi	model:	electronic form workflow	scope:	eq	version:	set	Trust: 0.8
vendor:	hitachi	model:	electronic form workflow	scope:	eq	version:	developer client set	Trust: 0.8
vendor:	hitachi	model:	electronic form workflow	scope:	eq	version:	developer set	Trust: 0.8
vendor:	hitachi	model:	electronic form workflow	scope:	eq	version:	professional library set	Trust: 0.8
vendor:	fujitsu	model:	internet navigware server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage application development cycle manager	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage application framework suite	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage application server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage apworks	scope:	eq	version:	server operation package	Trust: 0.8
vendor:	fujitsu	model:	interstage business application server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage job workload server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage list works	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage service integrator	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage web server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage xml business activity recorder	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker availability view	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker centric manager	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker it change manager	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker it process master	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker resource coordinator	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker service quality coordinator	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2011-000018 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-000016 // JVNDB: JVNDB-2011-001185 // CNNVD: CNNVD-201102-241 // NVD: CVE-2010-4476

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4476
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2011-000018
value:	MEDIUM
Trust: 0.8
IPA:	JVNDB-2011-000017
value:	MEDIUM
Trust: 0.8
IPA:	JVNDB-2011-000016
value:	MEDIUM
Trust: 0.8
NVD:	CVE-2010-4476
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201102-241
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2010-4476
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-4476
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
IPA:	JVNDB-2011-000018
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2011-000017
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2011-000016
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: VULMON: CVE-2010-4476 // JVNDB: JVNDB-2011-000018 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-000016 // JVNDB: JVNDB-2011-001185 // CNNVD: CNNVD-201102-241 // NVD: CVE-2010-4476

PROBLEMTYPE DATA

problemtype:	CWE-189	Trust: 2.4
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-DesignError	Trust: 0.8

sources: JVNDB: JVNDB-2011-000018 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-000016 // JVNDB: JVNDB-2011-001185 // NVD: CVE-2010-4476

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201102-241

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201102-241

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-000018

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2010-4476

PATCH

title:	HPSBMU02769 SSRT100846	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151	Trust: 3.2
title:	NV18-002	url:	http://jpn.nec.com/security-info/secinfo/nv18-002.html	Trust: 3.2
title:	1462019	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21462019	Trust: 1.6
title:	1462146	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21462146	Trust: 0.8
title:	1462136	url:	http://www.ibm.com/support/docview.wss?uid=swg21462136	Trust: 0.8
title:	PM31983	url:	http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983	Trust: 0.8
title:	IZ94423	url:	http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423	Trust: 0.8
title:	cve-2010-4476	url:	http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html	Trust: 0.8
title:	1469029	url:	https://www-304.ibm.com/support/docview.wss?uid=swg21469029	Trust: 0.8
title:	security-5.html#Not_a_vulnerability_in_Tomcat	url:	http://tomcat.apache.org/security-5.html#Not_a_vulnerability_in_Tomcat	Trust: 0.8
title:	security-6.html#Not_a_vulnerability_in_Tomcat	url:	http://tomcat.apache.org/security-6.html#Not_a_vulnerability_in_Tomcat	Trust: 0.8
title:	security-7.html#Not_a_vulnerability_in_Tomcat	url:	http://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat	Trust: 0.8
title:	1066244	url:	http://svn.apache.org/viewvc?view=revision&revision=1066244	Trust: 0.8
title:	1066315	url:	http://svn.apache.org/viewvc?view=revision&revision=1066315	Trust: 0.8
title:	1066318	url:	http://svn.apache.org/viewvc?view=revision&revision=1066318	Trust: 0.8
title:	HT4562	url:	http://support.apple.com/kb/HT4562	Trust: 0.8
title:	HT4563	url:	http://support.apple.com/kb/HT4563	Trust: 0.8
title:	HT4562	url:	http://support.apple.com/kb/HT4562?viewlocale=ja_JP	Trust: 0.8
title:	HT4563	url:	http://support.apple.com/kb/HT4563?viewlocale=ja_JP	Trust: 0.8
title:	tomcat5-5.5.23-0jpp.17.0.1.AXS3	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1382	Trust: 0.8
title:	HPUXWSATW233	url:	https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW233	Trust: 0.8
title:	HPUXWSATW315	url:	https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW315	Trust: 0.8
title:	HS11-008	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-008/index.html	Trust: 0.8
title:	HS11-009	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-009/index.html	Trust: 0.8
title:	HS11-010	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-010/index.html	Trust: 0.8
title:	HS11-003	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html	Trust: 0.8
title:	HPSBUX02685	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02775276	Trust: 0.8
title:	HPSBUX02642	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02746026	Trust: 0.8
title:	HPSBUX02633	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02729756	Trust: 0.8
title:	HPSBUX02641	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02738573	Trust: 0.8
title:	HPSBUX02645	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02752210	Trust: 0.8
title:	HPSBTU02684	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02826781	Trust: 0.8
title:	1469482	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21469482	Trust: 0.8
title:	1468197	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21468197	Trust: 0.8
title:	javacpufeb2011-304611	url:	http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html	Trust: 0.8
title:	cpuapr2011-301950	url:	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Trust: 0.8
title:	alert-cve-2010-4476-305811	url:	http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html	Trust: 0.8
title:	RHSA-2011:0336	url:	https://rhn.redhat.com/errata/RHSA-2011-0336.html	Trust: 0.8
title:	RHSA-2011:0214	url:	https://rhn.redhat.com/errata/RHSA-2011-0214.html	Trust: 0.8
title:	RHSA-2011:0282	url:	https://rhn.redhat.com/errata/RHSA-2011-0282.html	Trust: 0.8
title:	RHSA-2011:0335	url:	https://rhn.redhat.com/errata/RHSA-2011-0335.html	Trust: 0.8
title:	security_alert_for_cve-2010-44	url:	http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html	Trust: 0.8
title:	april_2011_critical_patch_upda	url:	http://blogs.oracle.com/security/2011/04/april_2011_critical_patch_upda.html	Trust: 0.8
title:	VMSA-2011-0013	url:	http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0013.html	Trust: 0.8
title:	HS11-008	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-008/index.html	Trust: 0.8
title:	HS11-009	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-009/index.html	Trust: 0.8
title:	HS11-010	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-010/index.html	Trust: 0.8
title:	HS11-003	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-003/index.html	Trust: 0.8
title:	interstage_as_201101	url:	http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201101.html	Trust: 0.8
title:	Debian Security Advisories: DSA-2161-1 openjdk-6 -- denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=8a0fbd8ef02c50b965cd7461fe7f588d	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6b18 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1079-3	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1079-1	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6b18 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1079-2	Trust: 0.1
title:	VMware Security Advisories: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	url:	https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=31eb28d4d81f5dda33b13bdc58dfe8fb	Trust: 0.1

sources: VULMON: CVE-2010-4476 // JVNDB: JVNDB-2011-000018 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-000016 // JVNDB: JVNDB-2011-001185

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4476	Trust: 5.5
db:	SECUNIA	id:	43295	Trust: 3.5
db:	SECTRACK	id:	1025062	Trust: 3.5
db:	SECUNIA	id:	43304	Trust: 1.9
db:	SECUNIA	id:	43280	Trust: 1.9
db:	JVN	id:	JVN97334690	Trust: 1.6
db:	JVN	id:	JVN26301278	Trust: 1.6
db:	JVN	id:	JVN16308183	Trust: 1.6
db:	SECUNIA	id:	43400	Trust: 1.1
db:	SECUNIA	id:	45022	Trust: 1.1
db:	SECUNIA	id:	43333	Trust: 1.1
db:	SECUNIA	id:	43048	Trust: 1.1
db:	SECUNIA	id:	44954	Trust: 1.1
db:	SECUNIA	id:	45555	Trust: 1.1
db:	SECUNIA	id:	43659	Trust: 1.1
db:	SECUNIA	id:	43378	Trust: 1.1
db:	SECUNIA	id:	49198	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0605	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0422	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0434	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0365	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0377	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0379	Trust: 1.1
db:	HITACHI	id:	HS11-003	Trust: 1.1
db:	SECUNIA	id:	43262	Trust: 1.0
db:	BID	id:	46091	Trust: 0.9
db:	SECUNIA	id:	43198	Trust: 0.9
db:	JVNDB	id:	JVNDB-2011-000018	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-000017	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-000016	Trust: 0.8
db:	SECUNIA	id:	44303	Trust: 0.8
db:	SECUNIA	id:	43194	Trust: 0.8
db:	VUPEN	id:	ADV-2011-0405	Trust: 0.8
db:	VUPEN	id:	ADV-2011-0339	Trust: 0.8
db:	VUPEN	id:	ADV-2011-1051	Trust: 0.8
db:	VUPEN	id:	ADV-2011-0294	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-001185	Trust: 0.8
db:	CNNVD	id:	CNNVD-201102-241	Trust: 0.6
db:	EXPLOIT-DB	id:	35304	Trust: 0.1
db:	VULMON	id:	CVE-2010-4476	Trust: 0.1
db:	PACKETSTORM	id:	121037	Trust: 0.1
db:	PACKETSTORM	id:	99083	Trust: 0.1
db:	PACKETSTORM	id:	127267	Trust: 0.1
db:	PACKETSTORM	id:	99338	Trust: 0.1
db:	PACKETSTORM	id:	98322	Trust: 0.1
db:	PACKETSTORM	id:	101245	Trust: 0.1
db:	PACKETSTORM	id:	98186	Trust: 0.1

sources: VULMON: CVE-2010-4476 // PACKETSTORM: 121037 // PACKETSTORM: 99083 // PACKETSTORM: 127267 // PACKETSTORM: 99338 // PACKETSTORM: 98322 // PACKETSTORM: 101245 // PACKETSTORM: 98186 // JVNDB: JVNDB-2011-000018 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-000016 // JVNDB: JVNDB-2011-001185 // CNNVD: CNNVD-201102-241 // NVD: CVE-2010-4476

REFERENCES

url:	http://secunia.com/advisories/43295	Trust: 3.5
url:	http://www.securitytracker.com/id?1025062	Trust: 3.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476	Trust: 3.2
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4476	Trust: 3.2
url:	http://secunia.com/advisories/43280	Trust: 1.9
url:	http://secunia.com/advisories/43304	Trust: 1.9
url:	http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html	Trust: 1.2
url:	http://security.gentoo.org/glsa/glsa-201406-32.xml	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0214.html	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1pm31983	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053926.html	Trust: 1.1
url:	http://www.debian.org/security/2011/dsa-2161	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0282.html	Trust: 1.1
url:	http://secunia.com/advisories/43400	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0422	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0211.html	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1iz94423	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0434	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0213.html	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21468358	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053934.html	Trust: 1.1
url:	http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715&admit=109447627+1298159618320+28353475	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0365	Trust: 1.1
url:	http://secunia.com/advisories/43378	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0379	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0212.html	Trust: 1.1
url:	http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0377	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0210.html	Trust: 1.1
url:	http://blog.fortify.com/blog/2011/02/08/double-trouble	Trust: 1.1
url:	http://secunia.com/advisories/43048	Trust: 1.1
url:	http://secunia.com/advisories/43333	Trust: 1.1
url:	http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0334.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0333.html	Trust: 1.1
url:	http://secunia.com/advisories/45555	Trust: 1.1
url:	http://www.ibm.com/support/docview.wss?uid=swg24029498	Trust: 1.1
url:	http://www.ibm.com/support/docview.wss?uid=swg24029497	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0880.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=130514352726432&w=2	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2011:054	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=131041767210772&w=2	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0605	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=129960314701922&w=2	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html	Trust: 1.1
url:	http://secunia.com/advisories/43659	Trust: 1.1
url:	http://secunia.com/advisories/44954	Trust: 1.1
url:	http://secunia.com/advisories/45022	Trust: 1.1
url:	http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5098550.html	Trust: 1.1
url:	http://secunia.com/advisories/49198	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=132215163318824&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=136485229118404&w=2	Trust: 1.1
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-003/index.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=134254957702612&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=130270785502599&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=130497185606818&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=133469267822771&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=130497132406206&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=129899347607632&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=133728004526190&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=130168502603566&w=2	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19493	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14589	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14328	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12745	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12662	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=134254866602253&w=2	Trust: 1.1
url:	http://www.securityfocus.com/bid/46091	Trust: 0.9
url:	http://jvn.jp/en/jp/jvn97334690/index.html	Trust: 0.8
url:	http://jvn.jp/en/jp/jvn26301278/index.html	Trust: 0.8
url:	http://jvn.jp/en/jp/jvn16308183/index.html	Trust: 0.8
url:	http://jvn.jp/jp/jvn97334690/index.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu584356/index.html	Trust: 0.8
url:	http://jvn.jp/jp/jvn16308183/index.html	Trust: 0.8
url:	http://jvn.jp/jp/jvn26301278/index.html	Trust: 0.8
url:	http://jvn.jp/tr/jvntr-2011-02	Trust: 0.8
url:	http://secunia.com/advisories/43198	Trust: 0.8
url:	http://secunia.com/advisories/43262	Trust: 0.8
url:	http://secunia.com/advisories/44303	Trust: 0.8
url:	http://secunia.com/advisories/43194	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2011/0294	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2011/0339	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2011/1051	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2011/0405	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4476	Trust: 0.4
url:	https://www.hp.com/go/swa	Trust: 0.2
url:	http://www.itrc.hp.com/service/cki/secbullarchive.do	Trust: 0.2
url:	http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc	Trust: 0.2
url:	http://h30046.www3.hp.com/subsignin.php	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4470	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4465	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4469	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4450	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4448	Trust: 0.2
url:	http://secunia.com/products/corporate/evm/	Trust: 0.2
url:	http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645	Trust: 0.2
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://www.debian.org/security/./dsa-2161	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/35304/	Trust: 0.1
url:	https://usn.ubuntu.com/1079-3/	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=22468	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2204	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0033	Trust: 0.1
url:	https://h20392.www2.hp.com/portal	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2526	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-2902	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-4858	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0580	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-2693	Trust: 0.1
url:	http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 0.1
url:	http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0781	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-2227	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-0022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-5515	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-1184	Trust: 0.1
url:	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0783	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-5885	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0013	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-1157	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2729	Trust: 0.1
url:	https://www.hp.com/go/java	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3562	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3567	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3568	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3541	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3566	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-2783	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3564	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-2548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3569	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3573	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3549	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3565	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3860	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3574	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3553	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3555	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4467	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3561	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4351	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3551	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3557	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4471	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~10.04.2.dsc	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4472	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~9.10.1.dsc	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0706	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~9.10.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~10.04.2.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/section_179/	Trust: 0.1
url:	http://secunia.com/advisories/43262/	Trust: 0.1
url:	http://secunia.com/advisories/43262/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=43262	Trust: 0.1
url:	http://h18012.www1.hp.com/java/alpha/fpupdater_index.html	Trust: 0.1
url:	http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=43198	Trust: 0.1
url:	http://secunia.com/advisories/43198/#comments	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/	Trust: 0.1
url:	http://tomcat.apache.org/security-5.html	Trust: 0.1
url:	http://secunia.com/advisories/43198/	Trust: 0.1

CREDITS

Trust: 0.3

sources: PACKETSTORM: 121037 // PACKETSTORM: 99083 // PACKETSTORM: 101245

SOURCES

db:	VULMON	id:	CVE-2010-4476
db:	PACKETSTORM	id:	121037
db:	PACKETSTORM	id:	99083
db:	PACKETSTORM	id:	127267
db:	PACKETSTORM	id:	99338
db:	PACKETSTORM	id:	98322
db:	PACKETSTORM	id:	101245
db:	PACKETSTORM	id:	98186
db:	JVNDB	id:	JVNDB-2011-000018
db:	JVNDB	id:	JVNDB-2011-000017
db:	JVNDB	id:	JVNDB-2011-000016
db:	JVNDB	id:	JVNDB-2011-001185
db:	CNNVD	id:	CNNVD-201102-241
db:	NVD	id:	CVE-2010-4476

LAST UPDATE DATE

2025-08-11T21:26:16.767000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2010-4476	date:	2018-10-30T00:00:00
db:	JVNDB	id:	JVNDB-2011-000018	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2011-000017	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2011-000016	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2011-001185	date:	2018-02-07T00:00:00
db:	CNNVD	id:	CNNVD-201102-241	date:	2011-02-24T00:00:00
db:	NVD	id:	CVE-2010-4476	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2010-4476	date:	2011-02-17T00:00:00
db:	PACKETSTORM	id:	121037	date:	2013-04-01T15:55:00
db:	PACKETSTORM	id:	99083	date:	2011-03-08T22:30:34
db:	PACKETSTORM	id:	127267	date:	2014-06-30T23:39:28
db:	PACKETSTORM	id:	99338	date:	2011-03-15T20:52:58
db:	PACKETSTORM	id:	98322	date:	2011-02-09T03:30:06
db:	PACKETSTORM	id:	101245	date:	2011-05-09T22:46:47
db:	PACKETSTORM	id:	98186	date:	2011-02-07T01:36:02
db:	JVNDB	id:	JVNDB-2011-000018	date:	2011-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2011-000017	date:	2011-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2011-000016	date:	2011-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2011-001185	date:	2011-03-08T00:00:00
db:	CNNVD	id:	CNNVD-201102-241	date:	2011-02-15T00:00:00
db:	NVD	id:	CVE-2010-4476	date:	2011-02-17T19:00:01.900