Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Bugzilla: Multiple vulnerabilities
Informations
Name GLSA-201110-03 First vendor Publication 2011-10-09
Vendor Gentoo Last vendor Modification 2011-10-10
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities were found in Bugzilla, the worst of which leading to privilege escalation.

Background

Bugzilla is the bug-tracking system from the Mozilla project.

Description

Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could conduct cross-site scripting attacks, conduct script insertion and spoofing attacks, hijack the authentication of arbitrary users, inject arbitrary HTTP headers, obtain access to arbitrary accounts, disclose the existence of confidential groups and its names, or inject arbitrary e-mail headers.

A local attacker could disclose the contents of temporarfy files for uploaded attachments.

Workaround

There is no known workaround at this time.

Resolution

All Bugzilla users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/bugzilla-3.6.6"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2011. It is likely that your system is already no longer affected by this issue.

References

[ 1 ] CVE-2010-2761 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2761
[ 2 ] CVE-2010-3172 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3172
[ 3 ] CVE-2010-3764 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3764
[ 4 ] CVE-2010-4411 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4411
[ 5 ] CVE-2010-4567 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4567
[ 6 ] CVE-2010-4568 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4568
[ 7 ] CVE-2010-4569 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4569
[ 8 ] CVE-2010-4570 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4570
[ 9 ] CVE-2010-4572 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4572
[ 10 ] CVE-2011-0046 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0046
[ 11 ] CVE-2011-0048 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0048
[ 12 ] CVE-2011-2379 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2379
[ 13 ] CVE-2011-2380 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2380
[ 14 ] CVE-2011-2381 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2381
[ 15 ] CVE-2011-2976 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2976
[ 16 ] CVE-2011-2977 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2977
[ 17 ] CVE-2011-2978 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2978
[ 18 ] CVE-2011-2979 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2979

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-03.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201110-03.xml

CWE : Common Weakness Enumeration

% Id Name
40 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
27 % CWE-94 Failure to Control Generation of Code ('Code Injection')
13 % CWE-200 Information Exposure
7 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
7 % CWE-264 Permissions, Privileges, and Access Controls
7 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14859
 
Oval ID: oval:org.mitre.oval:def:14859
Title: DSA-2322-1 bugzilla -- several
Description: Several vulnerabilities were discovered in Bugzilla, a web-based bug tracking system. CVE-2010-4572 By inserting particular strings into certain URLs, it was possible to inject both headers and content to any browser. CVE-2010-4567, CVE-2011-0048 Bugzilla has a "URL" field that can contain several types of URL, including "javascript:" and "data:" URLs. However, it does not make "javascript:" and "data:" URLs into clickable links, to protect against cross-site scripting attacks or other attacks. It was possible to bypass this protection by adding spaces into the URL in places that Bugzilla did not expect them. Also, "javascript:" and "data:" links were *always* shown as clickable to logged-out users. CVE-2010-4568 It was possible for a user to gain unauthorised access to any Bugzilla account in a very short amount of time. CVE-2011-0046 Various pages were vulnerable to Cross-Site Request Forgery attacks. Most of these issues are not as serious as previous CSRF vulnerabilities. CVE-2011-2978 When a user changes his email address, Bugzilla trusts a user-modifiable field for obtaining the current e-mail address to send a confirmation message to. If an attacker has access to the session of another user , the attacker could alter this field to cause the email-change notification to go to their own address. This means that the user would not be notified that his account had its email address changed by the attacker. CVE-2011-2381 For flagmails only, attachment descriptions with a newline in them could lead to the injection of crafted headers in email notifications when an attachment flag is edited. CVE-2011-2379 Bugzilla uses an alternate host for attachments when viewing them in raw format to prevent cross-site scripting attacks. This alternate host is now also used when viewing patches in "Raw Unified" mode because Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing, which could lead to the execution of malicious code. CVE-2011-2380 CVE-201-2979 Normally, a group name is confidential and is only visible to members of the group, and to non-members if the group is used in bugs. By crafting the URL when creating or editing a bug, it was possible to guess if a group existed or not, even for groups which weren't used in bugs and so which were supposed to remain confidential.
Family: unix Class: patch
Reference(s): DSA-2322-1
CVE-2010-4567
CVE-2010-4568
CVE-2010-4572
CVE-2011-0046
CVE-2011-0048
CVE-2011-2379
CVE-2011-2380
CVE-2011-2381
CVE-2011-2978
CVE-2011-2979
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): bugzilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20547
 
Oval ID: oval:org.mitre.oval:def:20547
Title: VMware vSphere and vCOps updates to third party libraries
Description: The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
Family: unix Class: vulnerability
Reference(s): CVE-2010-2761
 Version: 4
Platform(s): VMWare ESX Server 4.1
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 20
Application 154
Application 198
Application 133
Application 159
Os 1

OpenVAS Exploits

Date Description
2012-08-31 Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-07-30 Name : CentOS Update for perl CESA-2011:1797 centos4 x86_64
File : nvt/gb_CESA-2011_1797_perl_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for perl CESA-2011:1797 centos5 x86_64
File : nvt/gb_CESA-2011_1797_perl_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for perl RHSA-2011:0558-01
File : nvt/gb_RHSA-2011_0558-01_perl.nasl
2012-04-02 Name : Fedora Update for bugzilla FEDORA-2011-10399
File : nvt/gb_fedora_2011_10399_bugzilla_fc16.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-03 (bugzilla)
File : nvt/glsa_201110_03.nasl
2011-12-12 Name : CentOS Update for perl CESA-2011:1797 centos4 i386
File : nvt/gb_CESA-2011_1797_perl_centos4_i386.nasl
2011-12-12 Name : CentOS Update for perl CESA-2011:1797 centos5 i386
File : nvt/gb_CESA-2011_1797_perl_centos5_i386.nasl
2011-12-09 Name : RedHat Update for perl RHSA-2011:1797-01
File : nvt/gb_RHSA-2011_1797-01_perl.nasl
2011-10-16 Name : Debian Security Advisory DSA 2322-1 (bugzilla)
File : nvt/deb_2322_1.nasl
2011-09-21 Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla13.nasl
2011-08-24 Name : Fedora Update for bugzilla FEDORA-2011-10426
File : nvt/gb_fedora_2011_10426_bugzilla_fc15.nasl
2011-08-24 Name : Fedora Update for bugzilla FEDORA-2011-10413
File : nvt/gb_fedora_2011_10413_bugzilla_fc14.nasl
2011-08-22 Name : Bugzilla Multiple Security Vulnerabilities
File : nvt/gb_bugzilla_49042.nasl
2011-05-10 Name : Ubuntu Update for perl USN-1129-1
File : nvt/gb_ubuntu_USN_1129_1.nasl
2011-03-05 Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla12.nasl
2011-02-04 Name : Fedora Update for perl-CGI FEDORA-2011-0640
File : nvt/gb_fedora_2011_0640_perl-CGI_fc14.nasl
2011-02-04 Name : Fedora Update for perl-CGI FEDORA-2011-0654
File : nvt/gb_fedora_2011_0654_perl-CGI_fc13.nasl
2011-02-04 Name : Fedora Update for bugzilla FEDORA-2011-0741
File : nvt/gb_fedora_2011_0741_bugzilla_fc14.nasl
2011-01-31 Name : Fedora Update for perl-CGI-Simple FEDORA-2011-0631
File : nvt/gb_fedora_2011_0631_perl-CGI-Simple_fc13.nasl
2011-01-31 Name : Fedora Update for perl-CGI-Simple FEDORA-2011-0653
File : nvt/gb_fedora_2011_0653_perl-CGI-Simple_fc14.nasl
2011-01-26 Name : Bugzilla Multiple Vulnerabilities
File : nvt/gb_bugzilla_45982.nasl
2011-01-21 Name : Mandriva Update for perl-CGI MDVSA-2011:008 (perl-CGI)
File : nvt/gb_mandriva_MDVSA_2011_008.nasl
2010-12-28 Name : Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple)
File : nvt/gb_mandriva_MDVSA_2010_252.nasl
2010-12-23 Name : Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)
File : nvt/gb_mandriva_MDVSA_2010_250.nasl
2010-12-02 Name : Fedora Update for bugzilla FEDORA-2010-17274
File : nvt/gb_fedora_2010_17274_bugzilla_fc14.nasl
2010-12-02 Name : Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
File : nvt/gb_perl_CGI_45145.nasl
2010-11-23 Name : Mandriva Update for perl-CGI MDVSA-2010:237 (perl-CGI)
File : nvt/gb_mandriva_MDVSA_2010_237.nasl
2010-11-16 Name : Fedora Update for bugzilla FEDORA-2010-17280
File : nvt/gb_fedora_2010_17280_bugzilla_fc13.nasl
2010-11-16 Name : Fedora Update for bugzilla FEDORA-2010-17235
File : nvt/gb_fedora_2010_17235_bugzilla_fc12.nasl
2010-11-05 Name : Bugzilla Response Splitting and Security Bypass Vulnerabilities
File : nvt/gb_bugzilla_44618.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74303 Bugzilla BUGLIST Cookie XSS
74302 Bugzilla Temporary Attachment File Local Disclosure
74301 Bugzilla Account Email Change Notification Weakness
74300 Bugzilla Flagmail Attachment Description Header CRLF Injection
74299 Bugzilla Custom Search URL Parsing Group Name Disclosure
74298 Bugzilla Bug Creation / Editing URL Parsing Group Name Disclosure
74297 Bugzilla Patch Attachment Raw Unified Viewing Mode XSS

Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via patch attachments when viewing them in Raw Unified mode. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
70710 Bugzilla quips.cgi Quip Moderation CSRF

Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'quips.cgi' script does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of quips. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
70709 Bugzilla colchange.cgi Column Manipulation CSRF

Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'colchange.cgi' script does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of columns. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
70708 Bugzilla chart.cgi Chart Manipulation CSRF

Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'chart.cgi' script does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of charts. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
70707 Bugzilla sanitycheck.cgi Authentication Hijack CSRF

Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'sanitycheck.cgi' script does not require multiple steps or explicit confirmation for certain sensitive transactions, allowing for the hijacking of arbitrary user's authentication. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
70706 Bugzilla votes.cgi Authentication Hijack CSRF

Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'votes.cgi' script does not require multiple steps or explicit confirmation for certain sensitive transactions, allowing for the hijacking of arbitrary user's authentication. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
70705 Bugzilla buglist.cgi Saved Search Addition CSRF

Bugzilla contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the 'buglist.cgi' script does not require multiple steps or explicit confirmation for sensitive transactions for the addition of saved searches to a user's profile. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
70704 Bugzilla Multiple URI Clickable Link bug_file_loc Field XSS

Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application creates a clickable link for javascript: or data: URI in the 'bug_file_loc' URL field, which is not santised before being returned to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
70703 Bugzilla chart.cgi Query String HTTP Response Splitting CRLF Injection

Bugzilla contains a flaw related to 'chart.cgi'. This may allow a remote attacker to conduct HTTP response splitting attacks via the query string and inject arbitrary HTTP headers.
70702 Bugzilla YUI DataTable Widget Duplicate Detection Summary Field XSS

Bugzilla contains a flaw in the duplicate-detection functionality that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'summary' field before returning it to the user, due to the YUI DataTable widget's rendering of strings as text. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
70701 Bugzilla YUI AutoComplete Widget User Account Real Name Field XSS

Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'real name' field of a user account before returning it to the user when using the YUI AutoComplete widget, which renders textual data as HTML markup. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
70700 Bugzilla srand Function Cookie / Token Random Value Weakness Arbitrary Accoun...

Bugzilla contains a flaw related to the generating of random values for cookies and tokens. This may allow a remote attacker to obtain access to arbitrary accounts via a vector related to insufficiently random calls to the srand function.
70699 Bugzilla Multiple URI Preceding Whitespace bug_file_loc Field XSS

Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not properly handle whitespace preceding javascript: or data: URI, allowing a remote attacker to conduct an XSS attack via the URL (bug_file_loc) field. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
69588 CGI.pm multipart_init() Function multipart/x-mixed-replace MIME Type HTTP Hea...

CGI.pm contains a flaw related to the 'multipart_init()' function when handing a message with 'multipart/x-mixed-replace' MIME type. This may allow a remote attacker to inject arbitrary HTTP headers in a response to the user.
69222 Bugzilla Old Charts Predictable Graph Filenames Remote Information Disclosure

Bugzilla contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the Old Charts implementation uses predictable names for files in 'graphs/', which will disclose graphs and product names to a remote attacker via a crafted URL.
69221 Bugzilla Server Push Crafted URL Response Splitting CRLF Injection

Bugzilla contains a flaw when Server Push is enabled. The issue is triggered when a remote attakcer injects arbitrary HTTP headers and content with a crafted URL. This may allow an attacker to conduct HTTP response splitting attacks. This may lead to XSS or other vulnerabilities.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-09-27 IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-09-13 IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794

Nessus® Vulnerability Scanner

Date Description
2016-02-29 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_perl-CGI-Simple-110127.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_perl-CGI-Simple-110107.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_perl-110112.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1797.nasl - Type : ACT_GATHER_INFO
2012-08-31 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111208_perl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110519_perl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-12-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1797.nasl - Type : ACT_GATHER_INFO
2011-12-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1797.nasl - Type : ACT_GATHER_INFO
2011-10-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2322.nasl - Type : ACT_GATHER_INFO
2011-10-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-03.nasl - Type : ACT_GATHER_INFO
2011-08-23 Name : The remote Fedora host is missing a security update.
File : fedora_2011-10399.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2011-10413.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2011-10426.nasl - Type : ACT_GATHER_INFO
2011-08-15 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_dc8741b9c5d511e08a8e00151735203a.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1129-1.nasl - Type : ACT_GATHER_INFO
2011-05-20 Name : The remote host is missing the patch for the advisory RHSA-2011-0558
File : redhat-RHSA-2011-0558.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_perl-CGI-Simple-110127.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_perl-CGI-Simple-110107.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_perl-110112.nasl - Type : ACT_GATHER_INFO
2011-02-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0741.nasl - Type : ACT_GATHER_INFO
2011-02-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0755.nasl - Type : ACT_GATHER_INFO
2011-02-01 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0640.nasl - Type : ACT_GATHER_INFO
2011-02-01 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0654.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0653.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0631.nasl - Type : ACT_GATHER_INFO
2011-01-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-008.nasl - Type : ACT_GATHER_INFO
2011-01-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_c8c927e5289111e08f2600151735203a.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_perl-110112.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_perl-7316.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-237.nasl - Type : ACT_GATHER_INFO
2010-11-15 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17280.nasl - Type : ACT_GATHER_INFO
2010-11-15 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17274.nasl - Type : ACT_GATHER_INFO
2010-11-15 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17235.nasl - Type : ACT_GATHER_INFO
2010-11-15 Name : A web application is affected by a response splitting vulnerability.
File : bugzilla_response_splitting.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:36:59
  • Multiple Updates