Summary
| Detail | |||
|---|---|---|---|
| Vendor | Avaya | First view | 2004-07-27 |
| Product | s8500 | Last view | 2007-03-16 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.2 | 2007-03-16 | CVE-2007-1491 | Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. |
| 4.3 | 2007-03-09 | CVE-2007-1367 | Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. |
| 2.1 | 2005-04-14 | CVE-2005-0003 | The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file. |
| 6.2 | 2005-04-14 | CVE-2004-1235 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. |
| 2.1 | 2004-08-06 | CVE-2004-0554 | Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program. |
| 7.2 | 2004-08-06 | CVE-2004-0495 | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. |
| 6.4 | 2004-08-06 | CVE-2004-0493 | The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. |
| 6.8 | 2004-07-27 | CVE-2004-0595 | The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-6 | Argument Injection |
| CAPEC-15 | Command Delimiters |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-63 | Simple Script Injection |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
| CAPEC-73 | User-Controlled Filename |
| CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
| CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
| CAPEC-163 | Spear Phishing |
| CAPEC-247 | Cross-Site Scripting with Masking through Invalid Characters in Identifiers |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:10605 | The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote at... |
| oval:org.mitre.oval:def:2961 | Multiple Privilege Escalation Vulnerabilities in Linux Kernel |
| oval:org.mitre.oval:def:10155 | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local user... |
| oval:org.mitre.oval:def:9426 | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local user... |
| oval:org.mitre.oval:def:2915 | Linux Kernel Denial of Service Vulnerability via fsave and frstor Instructions |
| oval:org.mitre.oval:def:10619 | The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does ... |
| oval:org.mitre.oval:def:9567 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls... |
| oval:org.mitre.oval:def:9512 | The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architect... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 33346 | Avaya Multiple Products Apache Tomcat Port Weakness |
| 33297 | Avaya Communications Manager Login Page XSS |
| 12917 | Linux Kernel Elf Binary Overlapping VMA Local Privilege Escalation |
| 12791 | Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation |
| 7871 | PHP strip_tags() Function Filter Bypass |
| 7269 | Multiple HTTP Server Input Header Folding DoS |
| 7218 | Linux Kernel Unspecified Memory Disclosure |
| 7077 | Linux Kernel __clear_fpu Infinite Loop DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for Linux kernel core File : nvt/sles9p5014380.nasl |
| 2009-05-05 | Name : HP-UX Update for Apache HPSBUX01064 File : nvt/gb_hp_ux_HPSBUX01064.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-02 (Kernel) File : nvt/glsa_200407_02.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-03 (Apache) File : nvt/glsa_200407_03.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-13 (PHP) File : nvt/glsa_200407_13.nasl |
| 2008-09-04 | Name : php -- strip_tags cross-site scripting vulnerability File : nvt/freebsd_mod_php4-twig2.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1067-1 (kernel 2.4.16) File : nvt/deb_1067_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-... File : nvt/deb_1070_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1082-1 (kernel-2.4.17) File : nvt/deb_1082_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 531-1 (php4) File : nvt/deb_531_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 669-1 (php3) File : nvt/deb_669_1.nasl |
| 2005-11-03 | Name : Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabili... File : nvt/apache_input_header_folding_dos.nasl |
| 2005-11-03 | Name : php < 4.3.8 File : nvt/php_strip_tags_memory_limit_vuln.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2004-167-01 kernel DoS File : nvt/esoft_slk_ssa_2004_167_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2004-202-01 PHP File : nvt/esoft_slk_ssa_2004_202_01.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | PHP strip_tags bypass vulnerability exploit attempt RuleID : 15977 - Type : SERVER-WEBAPP - Revision : 10 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1067.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1069.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1070.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1082.nasl - Type: ACT_GATHER_INFO |
| 2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-57-1.nasl - Type: ACT_GATHER_INFO |
| 2005-07-13 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2004-202-01.nasl - Type: ACT_GATHER_INFO |
| 2005-07-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_edf61c610f0711d98393000103ccf9d6.nasl - Type: ACT_GATHER_INFO |
| 2005-07-13 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2004-167-01.nasl - Type: ACT_GATHER_INFO |
| 2005-03-25 | Name: The remote host is missing a vendor-supplied security patch File: suse_SA_2005_018.nasl - Type: ACT_GATHER_INFO |
| 2005-02-22 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2005-092.nasl - Type: ACT_GATHER_INFO |
| 2005-02-10 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-669.nasl - Type: ACT_GATHER_INFO |
| 2005-02-03 | Name: The remote host is missing a vendor-supplied security patch File: suse_SA_2005_003.nasl - Type: ACT_GATHER_INFO |
| 2005-01-26 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-022.nasl - Type: ACT_GATHER_INFO |
| 2005-01-26 | Name: The remote host is missing a Mac OS X update that fixes a security issue. File: macosx_SecUpd2005-001.nasl - Type: ACT_GATHER_INFO |
| 2005-01-25 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2005-016.nasl - Type: ACT_GATHER_INFO |
| 2005-01-19 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2005-043.nasl - Type: ACT_GATHER_INFO |
| 2005-01-12 | Name: The remote Fedora Core host is missing a security update. File: fedora_2005-013.nasl - Type: ACT_GATHER_INFO |
| 2005-01-12 | Name: The remote Fedora Core host is missing a security update. File: fedora_2005-014.nasl - Type: ACT_GATHER_INFO |
| 2004-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-531.nasl - Type: ACT_GATHER_INFO |
| 2004-09-08 | Name: The remote host is missing a Mac OS X update that fixes a security issue. File: macosx_SecUpd20040907.nasl - Type: ACT_GATHER_INFO |
| 2004-08-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200407-03.nasl - Type: ACT_GATHER_INFO |
| 2004-08-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200407-02.nasl - Type: ACT_GATHER_INFO |
| 2004-08-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200407-13.nasl - Type: ACT_GATHER_INFO |
| 2004-07-31 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2004-062.nasl - Type: ACT_GATHER_INFO |
| 2004-07-31 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2004-064.nasl - Type: ACT_GATHER_INFO |
