Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) |
| Informations | |||
|---|---|---|---|
| Name | HPSBUX02262 SSRT071447 | First vendor Publication | 2007-10-02 |
| Vendor | HP | Last vendor Modification | 2007-10-02 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code. |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-33 | HTTP Request Smuggling |
| CAPEC-105 | HTTP Request Splitting |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 22 % | CWE-200 | Information Exposure |
| 22 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
| 11 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 11 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10077 | |||
| Oval ID: | oval:org.mitre.oval:def:10077 | ||
| Title: | Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. | ||
| Description: | Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-3386 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10154 | |||
| Oval ID: | oval:org.mitre.oval:def:10154 | ||
| Title: | Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. | ||
| Description: | Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-5752 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10499 | |||
| Oval ID: | oval:org.mitre.oval:def:10499 | ||
| Title: | Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
| Description: | Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-2090 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10578 | |||
| Oval ID: | oval:org.mitre.oval:def:10578 | ||
| Title: | Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. | ||
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-2449 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10643 | |||
| Oval ID: | oval:org.mitre.oval:def:10643 | ||
| Title: | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. | ||
| Description: | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-0450 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11269 | |||
| Oval ID: | oval:org.mitre.oval:def:11269 | ||
| Title: | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. | ||
| Description: | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-3382 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11287 | |||
| Oval ID: | oval:org.mitre.oval:def:11287 | ||
| Title: | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. | ||
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-2450 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18548 | |||
| Oval ID: | oval:org.mitre.oval:def:18548 | ||
| Title: | DSA-1312-1 libapache-mod-jk | ||
| Description: | It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1312-1 CVE-2007-1860 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libapache-mod-jk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19944 | |||
| Oval ID: | oval:org.mitre.oval:def:19944 | ||
| Title: | DSA-1283-1 php5 | ||
| Description: | Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1283-1 CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20358 | |||
| Oval ID: | oval:org.mitre.oval:def:20358 | ||
| Title: | DSA-1468-1 tomcat5.5 | ||
| Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1468-1 CVE-2008-0128 CVE-2007-2450 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5348 | |||
| Oval ID: | oval:org.mitre.oval:def:5348 | ||
| Title: | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | ||
| Description: | Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-1887 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5513 | |||
| Oval ID: | oval:org.mitre.oval:def:5513 | ||
| Title: | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | ||
| Description: | Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-0774 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6002 | |||
| Oval ID: | oval:org.mitre.oval:def:6002 | ||
| Title: | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | ||
| Description: | mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-1860 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6067 | |||
| Oval ID: | oval:org.mitre.oval:def:6067 | ||
| Title: | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | ||
| Description: | CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-1900 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6111 | |||
| Oval ID: | oval:org.mitre.oval:def:6111 | ||
| Title: | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | ||
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-1355 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7601 | |||
| Oval ID: | oval:org.mitre.oval:def:7601 | ||
| Title: | DSA-1468 tomcat5.5 -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which could result in information disclosure. It was discovered that the Manager and Host Manager web applications performed insufficient input sanitising, which could lead to cross site scripting. This update also adapts the tomcat5.5-webapps package to the tightened JULI permissions introduced in the previous tomcat5.5 DSA. However, it should be noted, that the tomcat5.5-webapps is for demonstration and documentation purposes only and should not be used for production systems. The old stable distribution (sarge) doesn't contain tomcat5.5. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1468 CVE-2008-0128 CVE-2007-2450 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:9549 | |||
| Oval ID: | oval:org.mitre.oval:def:9549 | ||
| Title: | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | ||
| Description: | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-3385 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9824 | |||
| Oval ID: | oval:org.mitre.oval:def:9824 | ||
| Title: | cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. | ||
| Description: | cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-1863 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Apache Tomcat JK Web Server Connector URI worker map buffer overflow | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2008-02-09 | Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosur... |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-06-21 | Name : PHP version smaller than 5.2.4 File : nvt/nopsec_php_5_2_4.nasl |
| 2012-06-21 | Name : PHP version smaller than 5.2.3 File : nvt/nopsec_php_5_2_3.nasl |
| 2012-06-21 | Name : PHP version smaller than 5.2.1 File : nvt/nopsec_php_5_2_1.nasl |
| 2012-06-21 | Name : PHP version smaller than 4.4.5 File : nvt/nopsec_php_4_4_5.nasl |
| 2010-09-14 | Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5) File : nvt/gb_mandriva_MDVSA_2010_176.nasl |
| 2010-05-12 | Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003 File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl |
| 2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
| 2010-04-21 | Name : PHP sqlite_udf_decode_binary() Function Buffer Overflow Vulnerability File : nvt/gb_php_23235.nasl |
| 2010-02-03 | Name : Solaris Update for Apache 1.3 122911-19 File : nvt/gb_solaris_122911_19.nasl |
| 2010-02-03 | Name : Solaris Update for Apache 1.3 122912-19 File : nvt/gb_solaris_122912_19.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-13 | Name : Solaris Update for Apache 1.3 122912-17 File : nvt/gb_solaris_122912_17.nasl |
| 2009-10-13 | Name : Solaris Update for Apache 1.3 122911-17 File : nvt/gb_solaris_122911_17.nasl |
| 2009-10-13 | Name : SLES10: Security update for Websphere Community Edition File : nvt/sles10_websphere-as_ce0.nasl |
| 2009-10-13 | Name : SLES10: Security update for Tomcat 5 File : nvt/sles10_tomcat53.nasl |
| 2009-10-10 | Name : SLES9: Security update for gd File : nvt/sles9p5009393.nasl |
| 2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5012110.nasl |
| 2009-10-10 | Name : SLES9: Security update for jakarta-tomcat File : nvt/sles9p5012618.nasl |
| 2009-10-10 | Name : SLES9: Security update for Tomcat File : nvt/sles9p5023110.nasl |
| 2009-10-10 | Name : SLES9: Security update for Tomcat File : nvt/sles9p5021793.nasl |
| 2009-10-10 | Name : SLES9: Security update for apache2 File : nvt/sles9p5012664.nasl |
| 2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015662.nasl |
| 2009-09-23 | Name : Solaris Update for Apache 1.3 122912-16 File : nvt/gb_solaris_122912_16.nasl |
| 2009-09-23 | Name : Solaris Update for Apache 1.3 122911-16 File : nvt/gb_solaris_122911_16.nasl |
| 2009-06-03 | Name : Solaris Update for Apache 2 120544-14 File : nvt/gb_solaris_120544_14.nasl |
| 2009-06-03 | Name : Solaris Update for Apache Security 113146-12 File : nvt/gb_solaris_113146_12.nasl |
| 2009-06-03 | Name : Solaris Update for Apache Security 114145-11 File : nvt/gb_solaris_114145_11.nasl |
| 2009-06-03 | Name : Solaris Update for Apache 116973-07 File : nvt/gb_solaris_116973_07.nasl |
| 2009-06-03 | Name : Solaris Update for Apache 116974-07 File : nvt/gb_solaris_116974_07.nasl |
| 2009-06-03 | Name : Solaris Update for Apache 2 120543-14 File : nvt/gb_solaris_120543_14.nasl |
| 2009-06-03 | Name : Solaris Update for Apache 1.3 122911-15 File : nvt/gb_solaris_122911_15.nasl |
| 2009-06-03 | Name : Solaris Update for Apache 1.3 122912-15 File : nvt/gb_solaris_122912_15.nasl |
| 2009-05-05 | Name : HP-UX Update for Apache HPSBUX02262 File : nvt/gb_hp_ux_HPSBUX02262.nasl |
| 2009-05-05 | Name : HP-UX Update for Apache HPSBUX02308 File : nvt/gb_hp_ux_HPSBUX02308.nasl |
| 2009-05-05 | Name : HP-UX Update for Apache With PHP HPSBUX02332 File : nvt/gb_hp_ux_HPSBUX02332.nasl |
| 2009-04-09 | Name : Mandriva Update for libwmf MDKSA-2007:123 (libwmf) File : nvt/gb_mandriva_MDKSA_2007_123.nasl |
| 2009-04-09 | Name : Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5) File : nvt/gb_mandriva_MDKSA_2007_241.nasl |
| 2009-04-09 | Name : Mandriva Update for apache MDKSA-2007:140 (apache) File : nvt/gb_mandriva_MDKSA_2007_140.nasl |
| 2009-04-09 | Name : Mandriva Update for tetex MDKSA-2007:124 (tetex) File : nvt/gb_mandriva_MDKSA_2007_124.nasl |
| 2009-04-09 | Name : Mandriva Update for gd MDKSA-2007:122 (gd) File : nvt/gb_mandriva_MDKSA_2007_122.nasl |
| 2009-04-09 | Name : Mandriva Update for php MDKSA-2007:089 (php) File : nvt/gb_mandriva_MDKSA_2007_089.nasl |
| 2009-04-09 | Name : Mandriva Update for php MDKSA-2007:187 (php) File : nvt/gb_mandriva_MDKSA_2007_187.nasl |
| 2009-03-23 | Name : Ubuntu Update for php5 regression USN-549-2 File : nvt/gb_ubuntu_USN_549_2.nasl |
| 2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-549-1 File : nvt/gb_ubuntu_USN_549_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for apache2 vulnerabilities USN-499-1 File : nvt/gb_ubuntu_USN_499_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for libgd2 vulnerabilities USN-473-1 File : nvt/gb_ubuntu_USN_473_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-455-1 File : nvt/gb_ubuntu_USN_455_1.nasl |
| 2009-03-06 | Name : RedHat Update for gd RHSA-2008:0146-01 File : nvt/gb_RHSA-2008_0146-01_gd.nasl |
| 2009-02-27 | Name : Fedora Update for tomcat5 FEDORA-2007-3456 File : nvt/gb_fedora_2007_3456_tomcat5_fc7.nasl |
| 2009-02-27 | Name : CentOS Update for gd CESA-2008:0146 centos4 i386 File : nvt/gb_CESA-2008_0146_gd_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for gd CESA-2008:0146 centos4 x86_64 File : nvt/gb_CESA-2008_0146_gd_centos4_x86_64.nasl |
| 2009-02-27 | Name : Fedora Update for httpd FEDORA-2007-0704 File : nvt/gb_fedora_2007_0704_httpd_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for httpd FEDORA-2007-2214 File : nvt/gb_fedora_2007_2214_httpd_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for php FEDORA-2007-2215 File : nvt/gb_fedora_2007_2215_php_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for tomcat5 FEDORA-2007-3474 File : nvt/gb_fedora_2007_3474_tomcat5_fc8.nasl |
| 2009-02-27 | Name : Fedora Update for httpd FEDORA-2007-615 File : nvt/gb_fedora_2007_615_httpd_fc6.nasl |
| 2009-02-27 | Name : Fedora Update for httpd FEDORA-2007-617 File : nvt/gb_fedora_2007_617_httpd_fc5.nasl |
| 2009-02-27 | Name : Fedora Update for php FEDORA-2007-709 File : nvt/gb_fedora_2007_709_php_fc6.nasl |
| 2009-02-18 | Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl |
| 2009-02-17 | Name : Fedora Update for tomcat5 FEDORA-2008-8130 File : nvt/gb_fedora_2008_8130_tomcat5_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for tomcat5 FEDORA-2008-1467 File : nvt/gb_fedora_2008_1467_tomcat5_fc7.nasl |
| 2009-02-16 | Name : Fedora Update for tomcat5 FEDORA-2008-1603 File : nvt/gb_fedora_2008_1603_tomcat5_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for httpd FEDORA-2008-1711 File : nvt/gb_fedora_2008_1711_httpd_fc7.nasl |
| 2009-02-02 | Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
| 2009-01-28 | Name : SuSE Update for apache2 SUSE-SA:2007:061 File : nvt/gb_suse_2007_061.nasl |
| 2009-01-28 | Name : SuSE Update for php4,php5 SUSE-SA:2007:032 File : nvt/gb_suse_2007_032.nasl |
| 2009-01-23 | Name : SuSE Update for php4, php5 SUSE-SA:2008:004 File : nvt/gb_suse_2008_004.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-02 (php) File : nvt/glsa_200710_02.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-06 (apache) File : nvt/glsa_200711_06.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-34 (cstetex) File : nvt/glsa_200711_34.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-13 (ptex) File : nvt/glsa_200805_13.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-05 (gd) File : nvt/glsa_200708_05.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-19 (php) File : nvt/glsa_200705_19.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-03 (tomcat) File : nvt/glsa_200705_03.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-16 (mod_jk) File : nvt/glsa_200703_16.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-15 (mod_jk) File : nvt/glsa_200708_15.nasl |
| 2008-09-04 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php51.nasl |
| 2008-09-04 | Name : FreeBSD Ports: apache-tomcat File : nvt/freebsd_apache-tomcat.nasl |
| 2008-09-04 | Name : FreeBSD Ports: apache-tomcat File : nvt/freebsd_apache-tomcat0.nasl |
| 2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache12.nasl |
| 2008-09-04 | Name : FreeBSD Ports: mod_jk-ap2, mod_jk File : nvt/freebsd_mod_jk-ap2.nasl |
| 2008-09-04 | Name : FreeBSD Ports: mod_jk File : nvt/freebsd_mod_jk.nasl |
| 2008-01-31 | Name : Debian Security Advisory DSA 1468-1 (tomcat5.5) File : nvt/deb_1468_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1453-1 (tomcat5) File : nvt/deb_1453_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1447-1 (tomcat5.5) File : nvt/deb_1447_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1312-1 (libapache-mod-jk) File : nvt/deb_1312_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1283-1 (php5) File : nvt/deb_1283_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-045-03 php File : nvt/esoft_slk_ssa_2008_045_03.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2007-152-01 php5 File : nvt/esoft_slk_ssa_2007_152_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 43452 | Apache Tomcat HTTP Request Smuggling |
| 38630 | IBM HTTP Server mod_status mod_status.c Unspecified XSS |
| 37079 | Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS |
| 37071 | Apache Tomcat Cookie Handling Session ID Disclosure |
| 37070 | Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure |
| 37052 | Apache HTTP Server mod_status mod_status.c Unspecified XSS |
| 36643 | GD Graphics Library (libgd) gdPngReadData() Function Truncated PNG Data Handl... |
| 36417 | Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS |
| 36083 | PHP chunk_split Function Multiple Argument Overflows |
| 36080 | Apache Tomcat JSP Examples Crafted URI XSS |
| 36079 | Apache Tomcat Manager Uploaded Filename XSS Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the Manager and Host Manager applications do not validate the filename of files uploaded via the /manager/html/upload utility. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 35788 | GD Graphics Library (libgd) gdPngReadData() Function Truncated PNG Handling DoS |
| 34881 | Apache Tomcat Malformed Accept-Language Header XSS Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the server does not validate user-supplied Accept-Language headers. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 34877 | Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbit... Apache Tomcat JK Web Server Connector contains a flaw that allows a remote attacker to access files on the AJP back-end outside of the web root. The issue is due to a failure of handling double encoded ".." in a URL, specifically directory traversal style attacks. |
| 34875 | Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS |
| 34769 | Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access Apache Tomcat when configured to use the Proxy module contains a flaw that may allow a remote attacker to gain access to privileged information. The issue is due to the server not properly sanitizing user requested URIs containing crafted sequences with combinations of the "/" (slash), "\" (backslash) and a URL-encoded backslash (%5C) characters. This may allow an attacker to use a URI with a crafted traversal sequence and access arbitrary files. |
| 33962 | PHP ext/filter FILTER_VALIDATE_EMAIL Newline Injection PHP's ext/filter extension contains a flaw that may allow a malicious user to inject specially crafted mail headers. The issue is triggered due to the FILTER_VALIDATE_EMAIL function using an incorrect regular expression which can be trivially bypassed. By using a newline character, an attacker could potentially use this to send unsolicited e-mail from the host. |
| 33958 | PHP sqlite Library sqlite_udf_decode_binary() Function Overflow PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the in parameter of the sqlite_decode_binary function in the bundled sqlite library not properly sanitizing user-supplied input. By supplying crafted input, an attacker can trigger a buffer overflow and potentially execute arbitrary code. |
| 33855 | Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Ov... A buffer overflow exists in Tomcat. The JK Web Server Connector fails to validate long URL requests resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Apache Tomcat JK Web Server Connector long URL stack overflow attempt RuleID : 18287 - Revision : 3 - Type : SPECIFIC-THREATS |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17502 - Revision : 8 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17501 - Revision : 8 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17500 - Revision : 7 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17499 - Revision : 7 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17498 - Revision : 8 - Type : SERVER-APACHE |
| 2014-01-10 | Generic HyperLink buffer overflow attempt RuleID : 17410 - Revision : 27 - Type : OS-WINDOWS |
| 2014-01-10 | Multiple products UNIX platform backslash directory traversal attempt RuleID : 17391 - Revision : 16 - Type : SERVER-OTHER |
| 2014-01-10 | Apache Tomcat JK Web Server Connector long URL stack overflow attempt - 2 RuleID : 17108 - Revision : 4 - Type : SPECIFIC-THREATS |
| 2014-01-10 | Apache Tomcat JK Web Server Connector long URL stack overflow attempt - 1 RuleID : 17107 - Revision : 7 - Type : SERVER-APACHE |
| 2019-01-15 | (http_inspect)oversizerequest-uridirectory RuleID : 15 - Revision : 2 - Type : |
| 2014-01-10 | Apache mod_cache denial of service attempt RuleID : 12591 - Revision : 12 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-05-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-120-01.nasl - Type : ACT_GATHER_INFO |
| 2015-10-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-604.nasl - Type : ACT_GATHER_INFO |
| 2015-07-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ca139c7f2a8c11e5a4a5002590263bf5.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO |
| 2014-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO |
| 2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0343.nasl - Type : ACT_GATHER_INFO |
| 2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0344.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_39.nasl - Type : ACT_GATHER_INFO |
| 2013-08-11 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0533.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0534.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0556.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0569.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0871.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0146.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0263.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070626_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070627_httpd_on_SL3.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070717_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070920_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070926_php_on_SL3.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080228_gd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2011-11-18 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_36.nasl - Type : ACT_GATHER_INFO |
| 2011-11-18 | Name : The remote web server is affected by an HTTP request smuggling vulnerability. File : tomcat_5_5_23.nasl - Type : ACT_GATHER_INFO |
| 2011-11-18 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_13.nasl - Type : ACT_GATHER_INFO |
| 2010-12-07 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_5_5_25.nasl - Type : ACT_GATHER_INFO |
| 2010-09-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-176.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_5_5_26.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_16.nasl - Type : ACT_GATHER_INFO |
| 2010-06-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_37.nasl - Type : ACT_GATHER_INFO |
| 2010-06-11 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_5_5_21.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1069.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0630.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0871.nasl - Type : ACT_GATHER_INFO |
| 2010-01-04 | Name : The remote web server is affected by a directory traversal vulnerability. File : tomcat_proxy_directory_traversal.nasl - Type : ACT_ATTACK |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12049.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12078.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12116.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_websphere-as_ce-5850.nasl - Type : ACT_GATHER_INFO |
| 2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0002.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-241.nasl - Type : ACT_GATHER_INFO |
| 2008-09-17 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8130.nasl - Type : ACT_GATHER_INFO |
| 2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO |
| 2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO |
| 2008-05-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_3.nasl - Type : ACT_GATHER_INFO |
| 2008-05-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-003.nasl - Type : ACT_GATHER_INFO |
| 2008-03-28 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat55-5069.nasl - Type : ACT_GATHER_INFO |
| 2008-03-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-5070.nasl - Type : ACT_GATHER_INFO |
| 2008-03-26 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat5-5071.nasl - Type : ACT_GATHER_INFO |
| 2008-03-04 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_jk-4997.nasl - Type : ACT_GATHER_INFO |
| 2008-02-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0146.nasl - Type : ACT_GATHER_INFO |
| 2008-02-29 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_jk-4992.nasl - Type : ACT_GATHER_INFO |
| 2008-02-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0146.nasl - Type : ACT_GATHER_INFO |
| 2008-02-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-4990.nasl - Type : ACT_GATHER_INFO |
| 2008-02-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-045-03.nasl - Type : ACT_GATHER_INFO |
| 2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1467.nasl - Type : ACT_GATHER_INFO |
| 2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1603.nasl - Type : ACT_GATHER_INFO |
| 2008-01-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1468.nasl - Type : ACT_GATHER_INFO |
| 2008-01-27 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-4909.nasl - Type : ACT_GATHER_INFO |
| 2008-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1453.nasl - Type : ACT_GATHER_INFO |
| 2008-01-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1447.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-4669.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gd-3748.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_php5-3754.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-3951.nasl - Type : ACT_GATHER_INFO |
| 2007-12-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-549-2.nasl - Type : ACT_GATHER_INFO |
| 2007-11-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-549-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-20 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3456.nasl - Type : ACT_GATHER_INFO |
| 2007-11-20 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3474.nasl - Type : ACT_GATHER_INFO |
| 2007-11-20 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-4666.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-455-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-473-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-499-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-06.nasl - Type : ACT_GATHER_INFO |
| 2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0704.nasl - Type : ACT_GATHER_INFO |
| 2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2214.nasl - Type : ACT_GATHER_INFO |
| 2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2215.nasl - Type : ACT_GATHER_INFO |
| 2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0888.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3289.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_gd-3700.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_gd-3747.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3745.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3753.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat5-3950.nasl - Type : ACT_GATHER_INFO |
| 2007-10-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-02.nasl - Type : ACT_GATHER_INFO |
| 2007-10-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
| 2007-09-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0871.nasl - Type : ACT_GATHER_INFO |
| 2007-09-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
| 2007-09-25 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-709.nasl - Type : ACT_GATHER_INFO |
| 2007-09-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
| 2007-09-24 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-187.nasl - Type : ACT_GATHER_INFO |
| 2007-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
| 2007-09-14 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_2_6.nasl - Type : ACT_GATHER_INFO |
| 2007-09-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_71d903fc602d11dc898c001921ab2fa4.nasl - Type : ACT_GATHER_INFO |
| 2007-09-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c115271d602b11dc898c001921ab2fa4.nasl - Type : ACT_GATHER_INFO |
| 2007-09-03 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_4.nasl - Type : ACT_GATHER_INFO |
| 2007-08-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-15.nasl - Type : ACT_GATHER_INFO |
| 2007-08-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-05.nasl - Type : ACT_GATHER_INFO |
| 2007-08-02 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO |
| 2007-07-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0569.nasl - Type : ACT_GATHER_INFO |
| 2007-07-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_872623af39ec11dcb8cc000fea449b8a.nasl - Type : ACT_GATHER_INFO |
| 2007-07-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ab2575d639f011dcb8cc000fea449b8a.nasl - Type : ACT_GATHER_INFO |
| 2007-07-18 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-615.nasl - Type : ACT_GATHER_INFO |
| 2007-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0569.nasl - Type : ACT_GATHER_INFO |
| 2007-07-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-140.nasl - Type : ACT_GATHER_INFO |
| 2007-07-03 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-617.nasl - Type : ACT_GATHER_INFO |
| 2007-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0533.nasl - Type : ACT_GATHER_INFO |
| 2007-06-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0533.nasl - Type : ACT_GATHER_INFO |
| 2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0534.nasl - Type : ACT_GATHER_INFO |
| 2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0556.nasl - Type : ACT_GATHER_INFO |
| 2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0532.nasl - Type : ACT_GATHER_INFO |
| 2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0534.nasl - Type : ACT_GATHER_INFO |
| 2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0556.nasl - Type : ACT_GATHER_INFO |
| 2007-06-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1312.nasl - Type : ACT_GATHER_INFO |
| 2007-06-18 | Name : The remote Apache Tomcat web server contains a JSP application that is affect... File : tomcat_snoop_uri_xss.nasl - Type : ACT_ATTACK |
| 2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-122.nasl - Type : ACT_GATHER_INFO |
| 2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-123.nasl - Type : ACT_GATHER_INFO |
| 2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-124.nasl - Type : ACT_GATHER_INFO |
| 2007-06-05 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d9405748134211dca35c001485ab073e.nasl - Type : ACT_GATHER_INFO |
| 2007-06-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-152-01.nasl - Type : ACT_GATHER_INFO |
| 2007-06-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_3.nasl - Type : ACT_GATHER_INFO |
| 2007-05-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-19.nasl - Type : ACT_GATHER_INFO |
| 2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
| 2007-05-21 | Name : The remote web server contains a JSP application that is affected by a cross-... File : tomcat_sample_hello_xss.nasl - Type : ACT_ATTACK |
| 2007-05-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
| 2007-05-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-03.nasl - Type : ACT_GATHER_INFO |
| 2007-04-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1283.nasl - Type : ACT_GATHER_INFO |
| 2007-04-30 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-089.nasl - Type : ACT_GATHER_INFO |
| 2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_5.nasl - Type : ACT_GATHER_INFO |
| 2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_1.nasl - Type : ACT_GATHER_INFO |
| 2007-03-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200703-16.nasl - Type : ACT_GATHER_INFO |
| 2007-03-15 | Name : The remote web server includes a module that is affected by an overflow vulne... File : mod_jk_long_url_overflow.nasl - Type : ACT_ATTACK |
| 2007-03-06 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_cf86c644cb6c11db8e9d000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
