VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201404-0585 CVE-2014-0050 Apache Commons FileUpload Permission Licensing and Access Control Issue Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. The following products are vulnerable: Apache Commons FileUpload 1.0 through versions 1.3 Apache Tomcat 8.0.0-RC1 through versions 8.0.1 Apache Tomcat 7.0.0 through versions 7.0.50. Description: Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Refer to the Release Notes document, available from the link in the References section, for a list of changes. The following security issues are resolved with this update: A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle attacker could possibly use this flaw to unilaterally disable bidirectional authentication between a client and a server, forcing a downgrade to simple (unidirectional) authentication. This flaw only affected users who have enabled Hadoop's Kerberos security features. (CVE-2013-2192) It was discovered that the Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. The patch for this flaw disables external entity processing by default, and provides a configuration directive to re-enable it. (CVE-2013-4152) It was found that the Spring MVC SourceHttpMessageConverter enabled entity resolution by default. The patch for this flaw disables external entity processing by default, and introduces a property to re-enable it. (CVE-2013-6429) The Spring JavaScript escape method insufficiently escaped some characters. Applications using this method to escape user-supplied content, which would be rendered in HTML5 documents, could be exposed to cross-site scripting (XSS) flaws. (CVE-2014-0050) It was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues in Spring were incomplete. Spring MVC processed user-provided XML and neither disabled XML external entities nor provided an option to disable them, possibly allowing a remote attacker to conduct XXE attacks. (CVE-2014-0054) A cross-site scripting (XSS) flaw was found in the Spring Framework when using Spring MVC. When the action was not specified in a Spring form, the action field would be populated with the requested URI, allowing an attacker to inject malicious content into the form. (CVE-2014-1904) The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035) An information disclosure flaw was found in the way Apache Zookeeper stored the password of an administrative user in the log files. A local user with access to these log files could use the exposed sensitive information to gain administrative access to an application using Apache Zookeeper. Solution: The References section of this erratum contains a download link (you must log in to download the update). Bugs fixed (https://bugzilla.redhat.com/): 958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution 1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw 1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability 1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters 1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw 1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging 1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC 1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429 5. Summary VMware has updated vSphere third party libraries 2. Relevant releases VMware vCenter Server 5.5 prior to Update 2 VMware vCenter Update Manager 5.5 prior to Update 2 VMware ESXi 5.5 without patch ESXi550-201409101-SG 3. Problem Description a. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= vCenter Server 5.5 any 5.5 Update 2 vCenter Server 5.1 any Patch Pending vCenter Server 5.0 any Patch Pending b. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= vCenter Server 5.5 any 5.5 Update 2 vCenter Server 5.1 any Patch Pending vCenter Server 5.0 any Patch Pending c. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= ESXi 5.5 any ESXi550-201409101-SG ESXi 5.1 any Patch Pending ESXi 5.0 any Patch Pending d. vCenter and Update Manager, Oracle JRE 1.7 Update 55 Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= vCenter Server 5.5 any 5.5 Update 2 vCenter Server 5.1 any not applicable * vCenter Server 5.0 any not applicable * vCenter Update Manager 5.5 any 5.5 Update 2 vCenter Update Manager 5.1 any not applicable * vCenter Update Manager 5.0 any not applicable * * this product uses the Oracle JRE 1.6.0 family * 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vCenter Server and Update Manager 5.5u2 --------------------------------------- Downloads and Documentation: https://www.vmware.com/go/download-vsphere ESXi 5.5 -------- Download: https://www.vmware.com/patchmgr/findPatch.portal 5. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914 JRE --- Oracle Java SE Critical Patch Update Advisory of April 2014 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html - ------------------------------------------------------------------------ 6. Change log 2014-09-09 VMSA-2014-0008 Initial security advisory in conjunction with the release of vSphere 5.5 Update 2 on 2014-09-09. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce at lists.vmware.com bugtraq at securityfocus.com fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html Twitter https://twitter.com/VMwareSRC Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tomcat6 security update Advisory ID: RHSA-2014:0429-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0429.html Issue date: 2014-04-23 CVE Names: CVE-2013-4286 CVE-2013-4322 CVE-2014-0050 ===================================================================== 1. Summary: Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286) It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322) A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050) All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544 1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/tomcat6-6.0.24-64.el6_5.src.rpm noarch: tomcat6-6.0.24-64.el6_5.noarch.rpm tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm tomcat6-lib-6.0.24-64.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/tomcat6-6.0.24-64.el6_5.src.rpm noarch: tomcat6-6.0.24-64.el6_5.noarch.rpm tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm tomcat6-lib-6.0.24-64.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-64.el6_5.src.rpm noarch: tomcat6-6.0.24-64.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm tomcat6-lib-6.0.24-64.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-64.el6_5.src.rpm noarch: tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-64.el6_5.src.rpm noarch: tomcat6-6.0.24-64.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm tomcat6-lib-6.0.24-64.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-64.el6_5.src.rpm noarch: tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4286.html https://www.redhat.com/security/data/cve/CVE-2013-4322.html https://www.redhat.com/security/data/cve/CVE-2014-0050.html https://access.redhat.com/security/updates/classification/#moderate https://tomcat.apache.org/security-6.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTWAehXlSAg2UNWIIRAk4FAJ0QHChPnJ7YGMKqQrpTiHHuI9qcTwCeNVwA RcJJsIakE7V9WaBDGRiqYO4= =cC51 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials. CVE-2013-2071 A runtime exception in AsyncListener.onComplete() prevents the request from being recycled. This may expose elements of a previous request to a current request. CVE-2013-4322 When processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount of data to the server. For the stable distribution (wheezy), these problems have been fixed in version 7.0.28-4+deb7u1. For the testing distribution (jessie), these problems have been fixed in version 7.0.52-1. For the unstable distribution (sid), these problems have been fixed in version 7.0.52-1. We recommend that you upgrade your tomcat7 packages. Description: Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. Red Hat JBoss Fuse Service Works allows IT to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and CEP) integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also fixed with this release: It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. (CVE-2013-4286) It was found that the Apache Camel XSLT component would resolve entities in XML messages when transforming them using an XSLT route. While Tomcat 6 uses Commons FileUpload as part of the Manager application, access to that functionality is limited to authenticated administrators. This issue was reported responsibly to the Apache Software Foundation via JPCERT but an error in addressing an e-mail led to the unintended early disclosure of this issue[1]. Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Commons FileUpload 1.3.1 or later once released - - Upgrade to Apache Tomcat 8.0.2 or later once released - - Upgrade to Apache Tomcat 7.0.51 or later once released - - Apply the appropriate patch - Commons FileUpload: http://svn.apache.org/r1565143 - Tomcat 8: http://svn.apache.org/r1565163 - Tomcat 7: http://svn.apache.org/r1565169 - - Limit the size of the Content-Type header to less than 4091 bytes Credit: This issue was reported to the Apache Software Foundation via JPCERT. Additionally a build problem with maven was discovered, fixed maven packages is also being provided with this advisory. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04657823 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04657823 Version: 1 HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-05-11 Last Updated: 2015-05-11 Potential Security Impact: Remote Denial of Service (DoS), Distributed Denial of Service (DDoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP SDN VAN Controller. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or a Distributed Denial of Service (DDoS). References: CVE-2014-0050 Remote Denial of Service (DoS) CVE-2015-2122 Remote Distributed Denial of Service (DDoS) SSRT102049 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SDN VAN Controller version 2.5 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-0050 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2122 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP recommends either of the two following workarounds for the vulnerabilities in the HP SDN VAN Controller. - The network for the server running the HP SDN VAN Controller management VLAN should be on a separate and isolated "management" VLAN. - Configure the firewall on the server running HP SDN VAN Controller so that the only network traffic allowed to the REST port is from trusted servers on the network that need to use the REST layer. For example: the Microsoft Lync Server for Optimizer. For more detailed information, please refer to the "Securing REST layer Access on HP VAN SDN Controllers" article at the following location: http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=em r_na-c04676756 HISTORY Version:1 (rev.1) - 11 May 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. (CVE-2013-4322) It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Apache Commons FileUpload: Multiple vulnerabilities Date: July 17, 2021 Bugs: #739350 ID: 202107-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Apache Commons FileUpload, the worst of which could result in a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/commons-fileupload <= 1.3 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== Gentoo has discontinued support for Apache Commons FileUpload. We recommend that users unmerge it: # emerge --ask --depclean "dev-java/commons-fileupload" NOTE: The Gentoo developer(s) maintaining Apache Commons FileUpload have discontinued support at this time. It may be possible that a new Gentoo developer will update Apache Commons FileUpload at a later date. We do not have a suggestion for a replacement at this time. References ========== [ 1 ] CVE-2013-0248 https://nvd.nist.gov/vuln/detail/CVE-2013-0248 [ 2 ] CVE-2014-0050 https://nvd.nist.gov/vuln/detail/CVE-2014-0050 [ 3 ] CVE-2016-3092 https://nvd.nist.gov/vuln/detail/CVE-2016-3092 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-39 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications. Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to servlets and web applications
VAR-201402-0303 CVE-2014-1870 Mac OS X Run on Opera Vulnerable to address bar spoofing CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site. Opera Web Browser versions prior to 19.00 are vulnerable. It supports multi-window browsing and a customizable user interface
VAR-201402-0262 CVE-2014-1698 SIEMENS SIMATIC WinCC Open Architecture Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. SIEMENS SIMATIC WinCC Open Architecture has an information disclosure vulnerability that can be exploited by remote attackers to obtain sensitive information. The system is mainly applicable to industries such as rail transit, building automation and public power supply. There is a directory traversal vulnerability in Siemens SIMATIC WinCC OA 3.12 and earlier versions
VAR-201407-0648 CVE-2014-4549 WordPress for WooCommerce SagePay Direct Payment Gateway Plug-in vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter. WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language. The platform supports the setting up of personal blog websites on PHP and MySQL servers. WooCommerce SagePay Direct Payment Gateway is one of the WooCommerce (e-commerce) payment gateway plugins. When a user browses an affected website, their browser will execute arbitrary script code provided by the attacker, which may cause the attacker to steal cookie-based authentication and launch other attacks. Vulnerabilities in WooCommerce SagePay Direct Payment version 0.1.6.6, other versions may also be affected
VAR-201402-0261 CVE-2014-1697 Siemens SIMATIC WinCC OA Integration Web Vulnerability in arbitrary code execution on server CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. SIEMENS SIMATIC WinCC Open Architecture has an unknown arbitrary code execution vulnerability that could allow a remote attacker to execute arbitrary code in the context of an affected application, possibly resulting in a denial of service attack. SIEMENS SIMATIC WinCC Open Architecture is prone to an unspecified arbitrary code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. SIEMENS SIMATIC WinCC OA prior to 3.12 P002 are vulnerable. The system is mainly applicable to industries such as rail transit, building automation and public power supply
VAR-201402-0263 CVE-2014-1699 SIEMENS SIMATIC WinCC Denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. A security vulnerability exists in SIEMENS SIMATIC WinCC OA prior to 3.12. A remote attacker can exploit a vulnerability to cause a denial of service attack. SIEMENS SIMATIC WinCC Open Architecture is prone to denial-of-service vulnerability. The system is mainly applicable to industries such as rail transit, building automation and public power supply
VAR-201402-0347 CVE-2014-0755 Rockwell Automation RSLogix 5000 Security Bypass Vulnerability CVSS V2: 6.9
CVSS V3: -
Severity: MEDIUM
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors. Rockwell Automation is a provider of industrial automation, control and information technology solutions. An attacker can exploit this issue to compromise user defined passwords. This results in unauthorized access and may lead to further attacks. RSLogix 5000 versions 7.0 through 20.01 and V21.0 are vulnerable. The software provides high-performance integrated control systems for manufacturers and machine builders who need medium-sized control systems, and also provides a unified development environment for Rockwell Automation Integrated Architecture systems. A security bypass vulnerability exists in Rockwell Automation RSLogix 5000 versions 7 through 20.01 and 21.0 due to the program not properly password-protecting the '.ACD' file
VAR-201402-0118 CVE-2013-6024 F5 Networks BIG-IP Edge Client information leakage vulnerability CVSS V2: 4.4
CVSS V3: -
Severity: MEDIUM
The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors. The components may leak information from memory. (CWE-200). Multiple F5 Networks Products are prone to an unspecified local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. The following products are vulnerable: BIG-IP APM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4 BIG-IP Edge Gateway 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 FirePass 6.0.0 through 6.1.0 and 7.0.0. The following versions and products are vulnerable: Versions prior to Desktop Client 9.0R3, and 5.3R7 Versions prior to Pulse Connect Secure 9.0R3, 8.3R7, and 8.1R14. F5 BIG-IP APM, etc. are all products of the US F5 (F5) company. F5 BIG-IP APM is an access and security solution. The product provides unified access to business-critical applications and networks. F5 FirePass is a product that provides secure remote access to internal enterprise applications and data. Edge Client is one of the integrated remote access clients used in BIG-IP solutions. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: F5 BIG-IP APM Version 10.x, Version 11.x, Version 12.x, Version 13.x, Version 14.x; BIG-IP Edge Gateway Version 10.x, Version 11.x Version; FirePass version 7.0.0
VAR-201402-0248 CVE-2014-0497 Adobe Flash Player Integer underflow vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0137-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0137.html Issue date: 2014-02-05 Updated on: 2014-02-04 CVE Names: CVE-2014-0497 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. This vulnerability is detailed in the Adobe Security bulletin APSB14-04, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.336-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.336-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.336-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.336-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.336-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.336-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.336-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0497.html https://access.redhat.com/security/updates/classification/#critical http://helpx.adobe.com/security/products/flash-player/apsb14-04.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFS8fK3XlSAg2UNWIIRAn3HAJ9Dl9yTq8uwL1jZXpBhxpTOeSlNXACfcWWO 2pb3HgPGlwSq5PcZSe2neeg= =KItO -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201402-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: February 06, 2014 Bugs: #491148, #493894, #498170, #500313 ID: 201402-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.336" References ========== [ 1 ] CVE-2013-5329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5329 [ 2 ] CVE-2013-5330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5330 [ 3 ] CVE-2013-5331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5331 [ 4 ] CVE-2013-5332 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5332 [ 5 ] CVE-2014-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0491 [ 6 ] CVE-2014-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0492 [ 7 ] CVE-2014-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0497 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201402-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201402-0187 CVE-2013-7183 Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action. Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities. Seowon Intech SWC-9100 Routers is a wireless router product from South Korea's Seowon Intech. WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an attacker to bypass certain security restrictions or execute arbitrary commands in the context of the device
VAR-201402-0267 CVE-2014-0329 Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected. ZTE ZXV10 W300 router version 2.1.0, and possibly earlier versions, contains hardcoded credentials. (CWE-798). ASUS , DIGICOM , Observa Telecom , Philippine Long Distance Telephone (PLDT) , ZTE Provided by DSL The router has a hard-coded password "XXXXaircon" There is a problem to use. ASUS DSL-N12E , DIGICOM DG-5524T , Observa Telecom RTA01N , Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN , ZTE ZXV10 W300S Etc. DSL The router has telnet There is a problem that authentication information that can be used to access the device is hard-coded. The username is ASUS , DIGICOM , Observa Telecom , ZTE In the equipment of "admin" But, PLDT In the equipment of "adminpldt" Is used and the password is "XXXXairocon" ( XXXX Is the equipment MAC The last four digits of the address are used. MAC Address is SNMP Community string public May be able to get through. Authentication information ( password ) Is hard-coded (CWE-798) CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html This vulnerability ZTE ZXV10 W300 As a matter of 2014 Year 2 A month JVNVU#99523838 Published on CVE-2014-0329 Has been assigned. This time, products from several other vendors have been found to have the same vulnerability. Observa Telecom RTA01N For vulnerabilities in 2015 Year 5 A month Full Disclosure It is published in JVNVU#99523838 https://jvn.jp/vu/JVNVU99523838/ Full Disclosure http://seclists.org/fulldisclosure/2015/May/129A remote attacker could use the authentication information and gain access to the device as an administrator. ZTE Provided by ZXV10 W300 Has a problem with hard-coded credentials. Multiple DSL Routers are prone to a security-bypass vulnerability. The vulnerability stems from the fact that the program installation uses default hard-coded credentials, and the first four digits of the admin account password 'XXXXairocon' are set to the last four digits of the MAC address
VAR-201402-0260 CVE-2014-1696 Siemens SIMATIC WinCC OA Vulnerabilities that gain access CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. Siemens SIMATIC WinCC Open Architecture is prone to an insecure password-hash weakness. Versions prior to SIMATIC WinCC Open Architecture 3.12 P002 are vulnerable. The system is mainly applicable to industries such as rail transit, building automation and public power supply
VAR-201402-0184 CVE-2013-7179 Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter. In addition, JVNVU#95318893 Then CWE-77 It is published as CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') http://cwe.mitre.org/data/definitions/77.htmlBy a third party ping_ipaddr An arbitrary command may be executed via the shell metacharacter in the parameter. Seowon Intech SWC-9100 Routers is a wireless router product from South Korea's Seowon Intech. WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability
VAR-201402-0338 CVE-2014-1458 FortiGuard FortiWeb of Web Management interface cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. Fortinet Fortiweb is prone to an HTML-injection vulnerability because they fail to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Fortinet Fortiweb 5.0.3 is vulnerable; other versions may also be affected. Fortinet FortiGuard FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc. Sensitive database content
VAR-201402-0186 CVE-2013-7182 Fortinet FortiOS Cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. (CWE-79). Fortinet Provided by FortiOS Contains a cross-site scripting vulnerability. Fortinet Provided by FortiOS Is /firewall/schedule/recurrdlg of mkey There is a problem with parameter processing and cross-site scripting (CWE-79) Vulnerabilities exist. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS 5.0.5 is vulnerable; other versions may also be affected. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. The vulnerability is due to the fact that the value of the parameter 'mkey' is not properly sanitized when passed to firewall/schedule/recurrdlg
VAR-201402-0185 CVE-2013-7181 Mediatrix 4402 digital gateway web interface contains a cross-site scripting (XSS) vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. Mediatrix's web management interface for the 4402 digital gateway device with firmware version Dgw 1.1.13.186, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. (CWE-79). Fortinet Provided by Fortiweb Contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet Fortiweb 5.0.3 is vulnerable; other versions may also be affected. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. The vulnerability stems from the fact that the value of the parameter 'filter' is not properly filtered when passed to user/ldap_user/add
VAR-201402-0241 CVE-2014-1965 SAP NetWeaver for SAP Exchange Infrastructure Component cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. Portal handles the vulnerability of WebDyn Pro and can leak path information. 2, the message server has an unspecified error, allowing the attacker to exploit the vulnerability to crash the server. 3. The relevant DIR error input lacks filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. 4. Some of the relevant ISpeakAdapter inputs lack filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. A remote attacker can exploit a vulnerability to get sensitive information or crash an application. SAP NetWeaver is prone to multiple security vulnerabilities, including: 1. An information-disclosure vulnerability 2. Multiple cross-site scripting vulnerabilities 3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
VAR-201402-0240 CVE-2014-1964 SAP NetWeaver of Exchange Infrastructure Component cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. Portal handles the vulnerability of WebDyn Pro and can leak path information. 2, the message server has an unspecified error, allowing the attacker to exploit the vulnerability to crash the server. 3. 4. Some of the relevant ISpeakAdapter inputs lack filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. A remote attacker can exploit a vulnerability to get sensitive information or crash an application. SAP NetWeaver is prone to multiple security vulnerabilities, including: 1. An information-disclosure vulnerability 2. Multiple cross-site scripting vulnerabilities 3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
VAR-201402-0239 CVE-2014-1963 SAP NetWeaver of Message Server Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. Portal handles the vulnerability of WebDyn Pro and can leak path information. 3. The relevant DIR error input lacks filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. 4. Some of the relevant ISpeakAdapter inputs lack filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. A remote attacker can exploit a vulnerability to get sensitive information or crash an application. SAP NetWeaver is prone to multiple security vulnerabilities, including: 1. An information-disclosure vulnerability 2. Multiple cross-site scripting vulnerabilities 3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
VAR-201402-0237 CVE-2014-1961 SAP NetWeaver of Portal WebDynPro Vulnerabilities in which important path information is obtained CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. 2, the message server has an unspecified error, allowing the attacker to exploit the vulnerability to crash the server. 3. 4. SAP NetWeaver is prone to multiple security vulnerabilities, including: 1. An information-disclosure vulnerability 2. Multiple cross-site scripting vulnerabilities 3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks