VARIoT IoT vulnerabilities database
| VAR-201406-0328 | CVE-2014-3048 | IBM System Storage Virtualization Engine TS7700 Vulnerability gained in |
CVSS V2: 6.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command. The IBM Virtualization Engine integrates IBM servers, disks and tape into an integrated product that simplifies the backup/recovery process to protect critical customer data and provide business continuity through fast recovery. Unprivileged users can invoke privileged commands via SSH, allowing an attacker to exploit the vulnerability to send all administrative commands.
Local attackers may exploit this issue to gain elevated privileges. The product supports creation of multiple virtual tape volumes, data backup and recovery, cache encryption, and more
| VAR-201406-0102 | CVE-2014-1997 | CN8000 vulnerable to denial-of-service (DoS) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to cause a denial of service via unspecified vectors. CN8000 provided by ATEN contains a denial-of-service (DoS) vulnerability. CN8000 provided by ATEN is a remote access unit used to connect a keyboard, mouse and monitor to two or more computers in a remote location. CN8000 contains a denial-of-service (DoS) vulnerability. Testuya Nagata of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may be able to cause a denial-of-service (DoS). ATEN IP KVM Switch is an IP-based multi-telephone switcher.
Little is known about this issue or its effects at this time. We will update this BID as more information emerges. ATEN CN8000 is a remote computer management device of ATEN Company that provides Over-IP remote management function for KVM multi-computer switcher
| VAR-201406-0382 | CVE-2014-3878 | Ipswitch IMail Server of Web Cross-site scripting vulnerability in client interface |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. Ipswitch IMail Server of Web The client interface contains a cross-site scripting vulnerability.By any third party, any Web Script or HTML May be inserted. IPSwitch IMail Server WEB client is prone to multiple HTML-injection vulnerabilities because it fails to sanitize user-supplied input.
Attacker supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
| VAR-201406-0356 | CVE-2014-3912 | Samsung iPOLiS Device Manager 'FindConfigChildeKeyList()' method stack buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. Samsung iPOLiS Device Manager is a webcam device management program
| VAR-201406-0145 | CVE-2014-2345 | COPA-DATA zenon DNP3 NG driver and zenon DNP3 Process Gateway Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to cause a denial of service (infinite loop and process crash) by sending a crafted DNP3 packet over TCP. The COPA-DATA zenon DNP3 NG driver (DNP3 master) and the zenon DNP3 Process Gateway (DNP3 outstation) are products of the zenon industrial automation software belonging to the HMI/SCADA class. A denial of service vulnerability exists in multiple CCOPA-DATA Zenon products.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users
| VAR-201406-0146 | CVE-2014-2346 | COPA-DATA zenon DNP3 NG Drivers and zenon DNP3 Process Gateway Service disruption in (DoS) Vulnerabilities |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and process crash) via crafted input over a serial line. The COPA-DATA zenon DNP3 NG driver (DNP3 master) and the zenon DNP3 Process Gateway (DNP3 outstation) are products of the zenon industrial automation software belonging to the HMI/SCADA class. Multiple COPA-DATA Zenon product local denial of service vulnerabilities.
Local attackers can exploit this issue to crash the affected application, denying service to legitimate users
| VAR-201405-0542 | CVE-2014-0096 | Apache Tomcat Vulnerability that could bypass the security manager limitation in the default servlet |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Description:
Red Hat JBoss Fuse Service Works is the next-generation ESB and business
process automation infrastructure. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Data Virtualization 6.0.0 security update
Advisory ID: RHSA-2015:0765-01
Product: Red Hat JBoss Data Virtualization
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0765.html
Issue date: 2015-03-31
CVE Names: CVE-2012-6153 CVE-2013-4002 CVE-2013-5855
CVE-2014-0075 CVE-2014-0096 CVE-2014-0099
CVE-2014-0119 CVE-2014-0193 CVE-2014-0227
CVE-2014-3481 CVE-2014-3490 CVE-2014-3530
CVE-2014-3577
=====================================================================
1. Summary:
Red Hat JBoss Data Virtualization 6.0.0 2015 roll up patch 1, which fixes
multiple security issues and various bugs, is now available from the Red
Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Description:
Red Hat JBoss Data Virtualization is a lean data integration solution that
provides easy, real-time, and unified data access across disparate sources
to multiple applications and users. JBoss Data Virtualization makes data
spread across physically distinct systems-such as multiple databases, XML
files, and even Hadoop systems-appear as a set of tables in a local
database.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data
Virtualization 6.0.0. It includes various bug fixes, which are listed in
the README file included with the patch files.
The following security issues are also fixed with this release,
descriptions of which can be found on the respective CVE pages linked in
the References section.
CVE-2012-6153 Apache HttpComponents client: SSL hostname verification
bypass, incomplete CVE-2012-5783 fix
CVE-2014-3577 Apache HttpComponents client: SSL hostname verification
bypass, incomplete CVE-2012-6153 fix
CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage
CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP,
8017298)
CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of
user-supplied content in outputText tags and EL expressions
CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding
input filter
CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content
length header
CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal
Entity (XXE)
CVE-2014-3490 RESTEasy: XXE via parameter entities
CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web
application
CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation
CVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding
input filter
Red Hat would like to thank James Roper of Typesafe for reporting
CVE-2014-0193, and Alexander Papadakis for reporting CVE-2014-3530.
The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product
Security, the CVE-2014-0075 and CVE-2014-3490 issues were discovered by
David Jorm of Red Hat Product Security, and the CVE-2014-3481 issue was
discovered by the Red Hat JBoss Enterprise Application Platform QE team.
All users of Red Hat JBoss Data Virtualization 6.0.0 as provided from the
Red Hat Customer Portal are advised to apply this roll up patch.
3. Solution:
The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss Data Virtualization installation (including its
databases, applications, configuration files, and so on).
Note that it is recommended to halt the Red Hat JBoss Data Virtualization
server by stopping the JBoss Application Server process before installing
this update, and then after installing the update, restart the Red Hat
JBoss Data Virtualization server by starting the JBoss Application Server
process.
4. Bugs fixed (https://bugzilla.redhat.com/):
1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
1065139 - CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter
1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
1092783 - CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation
1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header
1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application
1105242 - CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal Entity (XXE)
1107901 - CVE-2014-3490 RESTEasy: XXE via parameter entities
1109196 - CVE-2014-0227 Tomcat/JBossWeb: request smuggling andl imited DoS in ChunkedInputFilter
1112987 - CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage
1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
1129916 - CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix
5. References:
https://access.redhat.com/security/cve/CVE-2012-6153
https://access.redhat.com/security/cve/CVE-2013-4002
https://access.redhat.com/security/cve/CVE-2013-5855
https://access.redhat.com/security/cve/CVE-2014-0075
https://access.redhat.com/security/cve/CVE-2014-0096
https://access.redhat.com/security/cve/CVE-2014-0099
https://access.redhat.com/security/cve/CVE-2014-0119
https://access.redhat.com/security/cve/CVE-2014-0193
https://access.redhat.com/security/cve/CVE-2014-0227
https://access.redhat.com/security/cve/CVE-2014-3481
https://access.redhat.com/security/cve/CVE-2014-3490
https://access.redhat.com/security/cve/CVE-2014-3530
https://access.redhat.com/security/cve/CVE-2014-3577
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.0.0
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVGyL3XlSAg2UNWIIRAobIAJ96IALY/KS9XK1R+EzrVPBBReEyBQCePu5b
dW9laXrZt+mBQaerX4bbyXs=
=9vwd
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ============================================================================
Ubuntu Security Notice USN-2302-1
July 30, 2014
tomcat6, tomcat7 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Tomcat.
Software Description:
- tomcat7: Servlet and JSP engine
- tomcat6: Servlet and JSP engine
Details:
David Jorm discovered that Tomcat incorrectly handled certain requests
submitted using chunked transfer encoding. (CVE-2014-0075)
It was discovered that Tomcat did not properly restrict XSLT stylesheets.
An attacker could use this issue with a crafted web application to bypass
security-manager restrictions and read arbitrary files. (CVE-2014-0096)
It was discovered that Tomcat incorrectly handled certain Content-Length
headers.
(CVE-2014-0099)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libtomcat7-java 7.0.52-1ubuntu0.1
Ubuntu 12.04 LTS:
libtomcat6-java 6.0.35-1ubuntu3.5
Ubuntu 10.04 LTS:
libtomcat6-java 6.0.24-2ubuntu1.16
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:052
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : tomcat
Date : March 3, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated tomcat packages fix security vulnerabilities:
Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP
connector is used, does not properly handle certain inconsistent HTTP
request headers, which allows remote attackers to trigger incorrect
identification of a request's length and conduct request-smuggling
attacks via (1) multiple Content-Length headers or (2) a Content-Length
header and a Transfer-Encoding: chunked header (CVE-2013-4286).
Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding
without properly handling (1) a large total amount of chunked data or
(2) whitespace characters in an HTTP header value within a trailer
field, which allows remote attackers to cause a denial of service by
streaming data (CVE-2013-4322).
Integer overflow in the parseChunkHeader function in
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in
Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote
attackers to cause a denial of service (resource consumption) via a
malformed chunk size in chunked transfer coding of a request during
the streaming of data (CVE-2014-0075).
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in
Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated
behind a reverse proxy, allows remote attackers to conduct HTTP
request smuggling attacks via a crafted Content-Length HTTP header
(CVE-2014-0099).
In Apache Tomcat 7.x before 7.0.55, it was possible to craft a
malformed chunk as part of a chunked request that caused Tomcat to
read part of the request body as a new request (CVE-2014-0227).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
http://advisories.mageia.org/MGASA-2014-0148.html
http://advisories.mageia.org/MGASA-2014-0268.html
http://advisories.mageia.org/MGASA-2015-0081.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
dce2bd5077a8e201da2a52717f3ef3a4 mbs1/x86_64/tomcat-7.0.59-1.mbs1.noarch.rpm
7908cc5facecb5c65c976cdff41b1d7c mbs1/x86_64/tomcat-admin-webapps-7.0.59-1.mbs1.noarch.rpm
21d8b843398fa256f05b1ad8464b6787 mbs1/x86_64/tomcat-docs-webapp-7.0.59-1.mbs1.noarch.rpm
27218eccc1ba454ef1cafea51976475a mbs1/x86_64/tomcat-el-2.2-api-7.0.59-1.mbs1.noarch.rpm
cc0f94bb899c3a82ecb1daa0cccd40b9 mbs1/x86_64/tomcat-javadoc-7.0.59-1.mbs1.noarch.rpm
60c451802ce55df14445d2a560f544f8 mbs1/x86_64/tomcat-jsp-2.2-api-7.0.59-1.mbs1.noarch.rpm
d7598284719161790f2617b715dbe444 mbs1/x86_64/tomcat-jsvc-7.0.59-1.mbs1.noarch.rpm
90279c92333646b38010bcf54f488e4a mbs1/x86_64/tomcat-lib-7.0.59-1.mbs1.noarch.rpm
e8b29b53c91bee0b3ffdd224c6b00038 mbs1/x86_64/tomcat-log4j-7.0.59-1.mbs1.noarch.rpm
a648279678ad5c804e8f7f9145ec794c mbs1/x86_64/tomcat-servlet-3.0-api-7.0.59-1.mbs1.noarch.rpm
f0cb2c5e57edc0c4f7cda66d393165fb mbs1/x86_64/tomcat-webapps-7.0.59-1.mbs1.noarch.rpm
cdaa6216b605cc23635cdeb4f77d32f9 mbs1/SRPMS/tomcat-7.0.59-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS
NzlDtJatpPDeZdZ4nlO1fgg=
=NWBY
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04223376
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04223376
Version: 1
HPSBUX03102 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache
Tomcat or PHP, Remote Execution of Arbitrary Code and Denial of Service (DoS)
and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-09-04
Last Updated: 2014-09-04
Potential Security Impact: Remote execution of arbitrary code, Denial of
Service (DoS), and other vulnerabilities.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with the HP-UX Apache
Web Server Suite, Tomcat Servlet Engine, and PHP. These vulnerabilities could
be exploited remotely to execute arbitrary code, create a Denial of Service
(DoS), or other vulnerabilities.
References:
CVE-2013-6438 - Tomcat: remote Denial of Service (DoS)
CVE-2014-0075 - Tomcat: remote Denial of Service (DoS)
CVE-2014-0096 - Tomcat: remote bypass of access restrictions
CVE-2014-0098 - Tomcat: remote Denial of Service (DoS)
CVE-2014-0099 - Tomcat: remote HTTP request smuggling
CVE-2014-0119 - Tomcat: remote file access
CVE-2014-0207 - PHP: remote Denial of Service (DoS)
CVE-2014-3478 - PHP: remote Denial of Service (DoS)
CVE-2014-3479 - PHP: remote Denial of Service (DoS)
CVE-2014-3480 - PHP: remote Denial of Service (DoS)
CVE-2014-3487 - PHP: remote Denial of Service (DoS)
CVE-2014-3515 - PHP: remote execution of arbitrary code
CVE-2014-3981 - PHP: local file access
CVE-2014-4049 - PHP: remote Denial of Service (DoS)
SSRT101681
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running HP-UX Apache Web Server Suite v4.01 or earlier
HP-UX B.11.31 running Tomcat v6.0.39.01 or earlier
HP-UX B.11.31 running PHP v5.4.11.03 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2013-6438 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-0075 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-0096 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2014-0098 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-0099 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2014-0119 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2014-0207 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-3478 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3479 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-3480 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-3487 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-3515 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-3981 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3
CVE-2014-4049 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the
vulnerabilities.
The updates are available for download from http://software.hp.com
NOTE: HP-UX Web Server Suite v4.02 HPUXWSATW402 contains Apache v2.2.15.20,
Tomcat Servlet Engine 6.0.39.02, and PHP 5.4.11.04
HP-UX 11i Release
Apache Depot name
B.11.31 (32-bit)
HP_UX_11.31_HPUXWS22ATW-B402-11-31-32-bit.depot
B.11.31 (64-bit)
HP_UX_11.31_HPUXWS22ATW-B402-11-31-64-bit.depot
MANUAL ACTIONS: Yes - Update
Install HP-UX Web Server Suite v4.02 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
hpuxws22APACHE.WEBPROXY
hpuxws22APACHE.WEBPROXY2
hpuxws22TOMCAT.TOMCAT
action: install revision B.2.2.15.20 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 4 September 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Apache Tomcat: Multiple vulnerabilities
Date: December 15, 2014
Bugs: #442014, #469434, #500600, #511762, #517630, #519590
ID: 201412-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Apache Tomcat, the worst of
which may result in Denial of Service.
Background
==========
Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 7.0.56 *>= 6.0.41
>= 7.0.56
Description
===========
Multiple vulnerabilities have been discovered in Tomcat. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to cause a Denial of Service condition as
well as obtain sensitive information, bypass protection mechanisms and
authentication restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"
All Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"
References
==========
[ 1 ] CVE-2012-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733
[ 2 ] CVE-2012-3544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544
[ 3 ] CVE-2012-3546
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546
[ 4 ] CVE-2012-4431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431
[ 5 ] CVE-2012-4534
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534
[ 6 ] CVE-2012-5885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885
[ 7 ] CVE-2012-5886
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886
[ 8 ] CVE-2012-5887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887
[ 9 ] CVE-2013-2067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067
[ 10 ] CVE-2013-2071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071
[ 11 ] CVE-2013-4286
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286
[ 12 ] CVE-2013-4322
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322
[ 13 ] CVE-2013-4590
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590
[ 14 ] CVE-2014-0033
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033
[ 15 ] CVE-2014-0050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050
[ 16 ] CVE-2014-0075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075
[ 17 ] CVE-2014-0096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096
[ 18 ] CVE-2014-0099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099
[ 19 ] CVE-2014-0119
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-29.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201406-0321 | CVE-2014-2946 | Huawei E303 contains a cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document. Huawei Provided by E303 The cross-site request forgery (CWE-352) Vulnerabilities exist. CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.htmlUnintentional user access by accessing a specially crafted page SMS A message may be sent. Huawei E303 is a 3G Internet access device. Huawei E303 Router is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
Huawei E303 Router running firmware versions CH2E303SM is vulnerable; other versions may also be affected. Huawei E303 modems is a wireless broadband modem product of China Huawei (Huawei)
| VAR-201406-0323 | CVE-2014-2959 | Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter. Dell Provided by PowerVault ML6000 series and Quantum Provided by Scalar i500 In OS Command injection vulnerability (CWE-78) Exists. CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') http://cwe.mitre.org/data/definitions/78.htmlAny information on the server by a remote third party OS The command may be executed.
Successfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected device.
The following products are vulnerable:
Quantum Scalar i500 firmware versions i8.2.2 (645G.GS004) and prior
Dell PowerVault ML6000 firmware version i8.2.0.1 (641G.GS003) and prior. The Dell PowerVault ML6000 and Quantum Scalar i500 are tape library products designed for high-capacity data storage and providing faster and more reliable data protection for storage environments
| VAR-201405-0285 | CVE-2014-2354 | Cogent DataHub Vulnerabilities in obtaining plaintext passwords |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. Cogent DataHub is a real-time data solution for SCADA and automation software.
Successful exploits will allow the local attackers to perform cryptanalysis to recover the encrypted usernames and passwords to access the system.
Versions prior to Cogent DataHub 7.3.5 are vulnerable
| VAR-201405-0430 | CVE-2014-3922 | Trend Micro InterScan Messaging Security Virtual Appliance Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss. Trend Micro InterScan Messaging Security Suite provides a high-performance, policy-based gateway security filtering solution for enterprise IT network resources, built on the enterprise's SMTP outbound gateway.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
InterScan Messaging Security Virtual Appliance 8.5.1.1516 is vulnerable; other versions may also affected
| VAR-201405-0538 | CVE-2014-3793 | plural VMware Product VMware Tools Guest in OS Vulnerabilities that have been granted permission |
CVSS V2: 5.8 CVSS V3: - Severity: Medium |
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Multiple VMware products are prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to gain elevated privileges on the guest operating system.
The following products are affected:
VMware Workstation 10.x prior to version 10.0.2
VMware Player 6.x prior to version 6.0.2
VMware Fusion 6.x prior to version 6.0.3
ESXi 5.5 without patch ESXi550-201403102-SG
ESXi 5.1 without patch ESXi510-201404102-SG
ESXi 5.0 without patch ESXi500-201405102-SG.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2014-0005
Synopsis: VMware Workstation, Player, Fusion, and ESXi patches address
a guest privilege escalation
Issue date: 2014-05-29
Updated on: 2014-05-29 (initial advisory)
CVE numbers: CVE-2014-3793
- -------------------------------------------------------------------------
1.
2. Problem Description
a.
VMware would like to thank Tavis Ormandy from the Google Security
Team for reporting this issue to us. This means that host
memory can not be manipulated from the Guest Operating System.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-3793 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
** Workstation 9.x, Player 5.x and Fusion 5.x do not support
Windows 8.1 Guest Operating Systems
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3793
- -------------------------------------------------------------------------
6. Change Log
2014-05-29 VMSA-2014-0005
Initial security advisory in conjunction with the release of
ESXi 5.0 patches on 2014-05-29
- -------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15337)
Charset: utf-8
wj8DBQFTiAIMDEcm8Vbi9kMRAgJiAKCI3namsqifeWwPKML6Gk2u+206PgCg2BFN
Ik+PbexzXJiOjs0MAzONaw4=
=nKGT
-----END PGP SIGNATURE-----
| VAR-201406-0249 | CVE-2014-3959 | plural F5 BIG-IP Product Configuration Utility cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Multiple F5 BIG-IP and Enterprise Manager products are prone to a multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
| VAR-201405-0286 | CVE-2014-2342 | Triangle MicroWorks SCADA Data Gateway Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). SCADA Data Gateway is prone to a remote denial-of-service vulnerability because the application fails to properly validate the user-supplied input.
An attacker can leverage this issue to consume resources resulting in denial-of-service condition; denying service to legitimate users.
Note: This issue affects the IP connected devices.
Versions prior to SCADA Data Gateway 3.00.0635 are vulnerable. Triangle MicroWorks SCADA Data Gateway (SDG) is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server of Triangle MicroWorks in the United States
| VAR-201405-0278 | CVE-2014-2343 | SCADA Data Gateway Serial Link Device Local Denial of Service Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus).
An attacker can leverage this issue to consume resources resulting in denial-of-service condition; denying service to legitimate users.
Note: To exploit this issue local access to the serial-based outstation is required.
Versions prior to SCADA Data Gateway 3.00.0635 are vulnerable. Triangle MicroWorks SCADA Data Gateway (SDG) is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server of Triangle MicroWorks in the United States
| VAR-201405-0283 | CVE-2014-2352 | Cogent Real-Time Systems DataHub Directory Traversal Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: HIGH |
The directory specifier can include designators that can be used to
traverse the directory path. Exploiting this vulnerability may enable an
attacker to access a limited number of hardcoded file types. Further
exploitation of this vulnerability may allow an attacker to cause the
web server component to enter a denial-of-service condition. Cogent DataHub Contains a directory traversal vulnerability.A third party can read any file of any unspecified type via a crafted pathname, or Web Server service disruption (DoS) There is a possibility of being put into a state. Cogent DataHub is software for SCADA and automation. Cogent DataHub is prone to an unspecified directory-traversal vulnerability.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.
Cogent DataHub 7.3.5 is vulnerable; other versions may also be affected
| VAR-201405-0284 | CVE-2014-2353 | Cogent Real-Time Systems DataHub Reflective Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: HIGH |
Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cogent DataHub is software for SCADA and automation. Cogent DataHub has a reflective cross-site scripting vulnerability that allows an attacker to exploit a vulnerability to build a malicious URI, entice a user to resolve, obtain sensitive cookies, hijack a session, or perform malicious operations on the client.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Cogent DataHub 7.3.5 is vulnerable; other versions may also be affected
| VAR-201405-0355 | CVE-2014-3285 | Cisco Wide Area Application Services Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674. Cisco Wide Area Application Services is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCue47674. This software is mainly used in the link environment with small bandwidth and large delay. There is a security vulnerability in Cisco WAAS 5.3(.5a) and earlier versions. The vulnerability is caused by the program not correctly parsing the SharePoint response when using the SharePoint acceleration function
| VAR-201406-0154 | CVE-2014-4160 | SAP NetWeaver Business Client of testcanvas Node cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
| VAR-201406-0155 | CVE-2014-4161 | SAP Supplier Relationship Management Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. SAP Supplier Relationship Management (SRM) is a suite of supplier relationship management solutions from SAP SAP. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks