Executive Summary
| Summary | |
|---|---|
| Title | HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service (DoS) |
| Informations | |||
|---|---|---|---|
| Name | HPSBMU02776 SSRT100852 | First vendor Publication | 2012-06-07 |
| Vendor | HP | Last vendor Modification | 2012-06-07 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Potential security vulnerabilities have been identified with HP Onboard Administrator (OA). The vulnerabilities could be exploited remotely resulting in unauthorized access to data, unauthorized disclosure of information, and Denial of Service (DoS). |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03315912 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 30 % | CWE-399 | Resource Management Errors |
| 30 % | CWE-310 | Cryptographic Issues |
| 10 % | CWE-476 | NULL Pointer Dereference |
| 10 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 10 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 10 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:15135 | |||
| Oval ID: | oval:org.mitre.oval:def:15135 | ||
| Title: | DSA-2298-2 apache2 -- denial of service | ||
| Description: | The apache2 Upgrade from DSA-2298-1 has caused a regression that prevented some video players from seeking in video files served by Apache HTTPD. This update fixes this bug. The text of the original advisory is reproduced for reference: Two issues have been found in the Apache HTTPD web server: CVE-2011-3192 A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. CVE-2010-1452 A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution. The regression has been fixed in the following packages: For the oldstable distribution, this problem has been fixed in version 2.2.9-10+lenny11. For the stable distribution, this problem has been fixed in version 2.2.16-6+squeeze3. For the testing distribution, this problem will be fixed in version 2.2.20-1. For the unstable distribution, this problem has been fixed in version 2.2.20-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2298-2 CVE-2010-1452 CVE-2011-3192 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15145 | |||
| Oval ID: | oval:org.mitre.oval:def:15145 | ||
| Title: | DSA-2298-1 apache2 -- denial of service | ||
| Description: | Two issues have been found in the Apache HTTPD web server: CVE-2011-3192 A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. CVE-2010-1452 A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution. For the oldstable distribution, these problems have been fixed in version 2.2.9-10+lenny10. For the stable distribution, this problem has been fixed in version 2.2.16-6+squeeze2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.2.19-2. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2298-1 CVE-2010-1452 CVE-2011-3192 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15257 | |||
| Oval ID: | oval:org.mitre.oval:def:15257 | ||
| Title: | DSA-2392-1 openssl -- out-of-bounds read | ||
| Description: | Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2392-1 CVE-2012-0050 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15282 | |||
| Oval ID: | oval:org.mitre.oval:def:15282 | ||
| Title: | USN-1368-1 -- Apache HTTP Server vulnerabilities | ||
| Description: | apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1368-1 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 8.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Apache |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15286 | |||
| Oval ID: | oval:org.mitre.oval:def:15286 | ||
| Title: | DSA-2390-1 openssl -- several | ||
| Description: | Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check. CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. CVE-2011-4576 The SSL 3.0 implementation does not properly initialise data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. CVE-2011-4619 The Server Gated Cryptography implementation in OpenSSL does not properly handle handshake restarts, unnecessarily simplifying CPU exhaustion attacks. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2390-1 CVE-2011-4108 CVE-2011-4109 CVE-2011-4354 CVE-2011-4576 CVE-2011-4619 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15347 | |||
| Oval ID: | oval:org.mitre.oval:def:15347 | ||
| Title: | USN-1199-1 -- Apache vulnerability | ||
| Description: | apache2: Apache HTTP server A remote attacker could send crafted input to Apache and cause it to crash. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1199-1 CVE-2011-3192 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 8.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Apache |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15373 | |||
| Oval ID: | oval:org.mitre.oval:def:15373 | ||
| Title: | DSA-2405-1 apache2 -- multiple issues | ||
| Description: | Several vulnerabilities have been found in the Apache HTTPD Server: CVE-2011-3607: An integer overflow in ap_pregsub could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files. CVE-2011-3368 CVE-2011-3639 CVE-2011-4317: The Apache HTTP Server did not properly validate the request URI for proxied requests. In certain reverse proxy configurations using the ProxyPassMatch directive or using the RewriteRule directive with the [P] flag, a remote attacker could make the proxy connect to an arbitrary server. The could allow the attacker to access internal servers that are not otherwise accessible from the outside. The three CVE ids denote slightly different variants of the same issue. Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities. CVE-2012-0053: The response message for error code 400 could be used to expose "httpOnly" cookies. This could allow a remote attacker using cross site scripting to steal authentication cookies. For the oldstable distribution, these problems have been fixed in version apache2 2.2.9-10+lenny12. For the stable distribution, these problems have been fixed in version apache2 2.2.16-6+squeeze6 For the testing distribution, these problems will be fixed in version 2.2.22-1. For the unstable distribution, these problems have been fixed in version 2.2.22-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2405-1 CVE-2011-3607 CVE-2011-3368 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17928 | |||
| Oval ID: | oval:org.mitre.oval:def:17928 | ||
| Title: | USN-1424-1 -- openssl vulnerabilities | ||
| Description: | An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1424-1 CVE-2006-7250 CVE-2012-1165 CVE-2012-2110 | Version: | 7 |
| Platform(s): | Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18001 | |||
| Oval ID: | oval:org.mitre.oval:def:18001 | ||
| Title: | DSA-2454-1 openssl - multiple | ||
| Description: | Multiple vulnerabilities have been found in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2454-1 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2011-4619 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18827 | |||
| Oval ID: | oval:org.mitre.oval:def:18827 | ||
| Title: | Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server (CVE-2011-3192) | ||
| Description: | The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3192 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | VisualSVN Server |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19831 | |||
| Oval ID: | oval:org.mitre.oval:def:19831 | ||
| Title: | VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues. | ||
| Description: | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-2110 | Version: | 4 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19936 | |||
| Oval ID: | oval:org.mitre.oval:def:19936 | ||
| Title: | DSA-2454-2 openssl - incomplete fix | ||
| Description: | Multiple vulnerabilities have been found in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2454-2 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2011-4619 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20227 | |||
| Oval ID: | oval:org.mitre.oval:def:20227 | ||
| Title: | Multiple OpenSSL vulnerabilities | ||
| Description: | The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-4619 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20347 | |||
| Oval ID: | oval:org.mitre.oval:def:20347 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0050 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20390 | |||
| Oval ID: | oval:org.mitre.oval:def:20390 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-4576 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20409 | |||
| Oval ID: | oval:org.mitre.oval:def:20409 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-4108 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20495 | |||
| Oval ID: | oval:org.mitre.oval:def:20495 | ||
| Title: | Multiple OpenSSL vulnerabilities | ||
| Description: | The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-4108 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20668 | |||
| Oval ID: | oval:org.mitre.oval:def:20668 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-1583 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20716 | |||
| Oval ID: | oval:org.mitre.oval:def:20716 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-2110 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20753 | |||
| Oval ID: | oval:org.mitre.oval:def:20753 | ||
| Title: | Multiple OpenSSL vulnerabilities | ||
| Description: | The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0884 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20756 | |||
| Oval ID: | oval:org.mitre.oval:def:20756 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-4619 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20843 | |||
| Oval ID: | oval:org.mitre.oval:def:20843 | ||
| Title: | RHSA-2012:0128: httpd security update (Moderate) | ||
| Description: | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0128-01 CESA-2012:0128 CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 | Version: | 68 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20877 | |||
| Oval ID: | oval:org.mitre.oval:def:20877 | ||
| Title: | Multiple OpenSSL vulnerabilities | ||
| Description: | OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0050 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20887 | |||
| Oval ID: | oval:org.mitre.oval:def:20887 | ||
| Title: | Multiple OpenSSL vulnerabilities | ||
| Description: | The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-4576 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21032 | |||
| Oval ID: | oval:org.mitre.oval:def:21032 | ||
| Title: | Multiple OpenSSL vulnerabilities | ||
| Description: | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-2110 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21189 | |||
| Oval ID: | oval:org.mitre.oval:def:21189 | ||
| Title: | RHSA-2012:0323: httpd security update (Moderate) | ||
| Description: | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0323-01 CVE-2011-3607 CVE-2011-3639 CVE-2012-0031 CVE-2012-0053 | Version: | 55 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21192 | |||
| Oval ID: | oval:org.mitre.oval:def:21192 | ||
| Title: | RHSA-2012:0059: openssl security update (Moderate) | ||
| Description: | The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0059-01 CESA-2012:0059 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 | Version: | 55 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21363 | |||
| Oval ID: | oval:org.mitre.oval:def:21363 | ||
| Title: | RHSA-2012:0060: openssl security update (Moderate) | ||
| Description: | The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0060-01 CESA-2012:0060 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 | Version: | 55 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21366 | |||
| Oval ID: | oval:org.mitre.oval:def:21366 | ||
| Title: | RHSA-2012:0518: openssl security update (Important) | ||
| Description: | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0518-02 CESA-2012:0518 CVE-2012-2110 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | openssl openssl097a openssl098e |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22002 | |||
| Oval ID: | oval:org.mitre.oval:def:22002 | ||
| Title: | RHSA-2011:1245: httpd security update (Important) | ||
| Description: | The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1245-01 CVE-2011-3192 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22855 | |||
| Oval ID: | oval:org.mitre.oval:def:22855 | ||
| Title: | DEPRECATED: ELSA-2011:1245: httpd security update (Important) | ||
| Description: | The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1245-01 CVE-2011-3192 | Version: | 7 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22998 | |||
| Oval ID: | oval:org.mitre.oval:def:22998 | ||
| Title: | ELSA-2012:0323: httpd security update (Moderate) | ||
| Description: | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0323-01 CVE-2011-3607 CVE-2011-3639 CVE-2012-0031 CVE-2012-0053 | Version: | 21 |
| Platform(s): | Oracle Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23304 | |||
| Oval ID: | oval:org.mitre.oval:def:23304 | ||
| Title: | DEPRECATED: ELSA-2012:0518: openssl security update (Important) | ||
| Description: | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0518-02 CVE-2012-2110 | Version: | 7 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | openssl openssl097a openssl098e |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23401 | |||
| Oval ID: | oval:org.mitre.oval:def:23401 | ||
| Title: | ELSA-2012:0060: openssl security update (Moderate) | ||
| Description: | The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0060-01 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 | Version: | 21 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23476 | |||
| Oval ID: | oval:org.mitre.oval:def:23476 | ||
| Title: | ELSA-2011:1245: httpd security update (Important) | ||
| Description: | The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1245-01 CVE-2011-3192 | Version: | 6 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23704 | |||
| Oval ID: | oval:org.mitre.oval:def:23704 | ||
| Title: | ELSA-2012:0518: openssl security update (Important) | ||
| Description: | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0518-02 CVE-2012-2110 | Version: | 6 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | openssl openssl097a openssl098e |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23836 | |||
| Oval ID: | oval:org.mitre.oval:def:23836 | ||
| Title: | ELSA-2012:0128: httpd security update (Moderate) | ||
| Description: | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0128-01 CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 | Version: | 25 |
| Platform(s): | Oracle Linux 6 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23859 | |||
| Oval ID: | oval:org.mitre.oval:def:23859 | ||
| Title: | ELSA-2012:0059: openssl security update (Moderate) | ||
| Description: | The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0059-01 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 | Version: | 21 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24640 | |||
| Oval ID: | oval:org.mitre.oval:def:24640 | ||
| Title: | Vulnerability in OpenSSL before 0.9.8s and 1.x before 1.0.0f, might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer | ||
| Description: | The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-4576 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24750 | |||
| Oval ID: | oval:org.mitre.oval:def:24750 | ||
| Title: | OpenSSL vulnerability in 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a, allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact | ||
| Description: | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-2110 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24765 | |||
| Oval ID: | oval:org.mitre.oval:def:24765 | ||
| Title: | Vulnerability in OpenSSL before 0.9.8s and 1.x before 1.0.0f, allows remote attackers to cause a denial of service (CPU consumption) | ||
| Description: | The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-4619 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24936 | |||
| Oval ID: | oval:org.mitre.oval:def:24936 | ||
| Title: | Vulnerability in OpenSSL before 0.9.8s and 1.x before 1.0.0f, performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext | ||
| Description: | The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-4108 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24989 | |||
| Oval ID: | oval:org.mitre.oval:def:24989 | ||
| Title: | OpenSSL vulnerability in 0.9.8s and 1.0.0f, allows remote attackers to cause a denial of service (crash) | ||
| Description: | OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0050 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25037 | |||
| Oval ID: | oval:org.mitre.oval:def:25037 | ||
| Title: | Vulnerability in OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols | ||
| Description: | ** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-1473 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25052 | |||
| Oval ID: | oval:org.mitre.oval:def:25052 | ||
| Title: | OpenSSL vulnerability in before 0.9.8u and 1.x before 1.0.0h makes it easier for context-dependent attackers to decrypt data | ||
| Description: | The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0884 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25330 | |||
| Oval ID: | oval:org.mitre.oval:def:25330 | ||
| Title: | SUSE-SU-2014:0320-1 -- Security update for gnutls | ||
| Description: | The GnuTLS library received a critical security fix and other updates. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0320-1 CVE-2014-0092 CVE-2009-5138 CVE-2013-2116 CVE-2013-1619 CVE-2013-0169 CVE-2012-1569 CVE-2012-1573 CVE-2012-0390 CVE-2011-4108 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 10 | Product(s): | gnutls |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27073 | |||
| Oval ID: | oval:org.mitre.oval:def:27073 | ||
| Title: | DEPRECATED: ELSA-2012-0059 -- openssl security update (moderate) | ||
| Description: | [1.0.0-20.1] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0059 CVE-2011-4577 CVE-2011-4108 CVE-2011-4576 CVE-2011-4619 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27320 | |||
| Oval ID: | oval:org.mitre.oval:def:27320 | ||
| Title: | DEPRECATED: ELSA-2012-0323 -- httpd security update (moderate) | ||
| Description: | [2.2.3-63.0.1.el5_8.1] - Fix mod_ssl always performing full renegotiation (orabug 12423387) - replace index.html with Oracle's index page oracle_index.html - update vstring and distro in specfile [2.2.3-63.1] - add security fixes for CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787596) - remove patch for CVE-2011-3638, obviated by fix for CVE-2011-3639 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0323 CVE-2011-3607 CVE-2011-3639 CVE-2012-0031 CVE-2012-0053 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27726 | |||
| Oval ID: | oval:org.mitre.oval:def:27726 | ||
| Title: | DEPRECATED: ELSA-2012-0060 -- openssl security update (moderate) | ||
| Description: | [0.9.8e-20.1] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0060 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27811 | |||
| Oval ID: | oval:org.mitre.oval:def:27811 | ||
| Title: | DEPRECATED: ELSA-2012-0518 -- openssl security update (important) | ||
| Description: | openssl: [1.0.0-20.4] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) openssl098e: [0.9.8e-17.el6_2.2] - Updated the description [0.9.8e-17.2] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0518 CVE-2012-2110 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl openssl097a openssl098e |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27823 | |||
| Oval ID: | oval:org.mitre.oval:def:27823 | ||
| Title: | ELSA-2012-0480-1 -- kernel security, bug fix, and enhancement update (important) | ||
| Description: | [2.6.18-308.4.1.0.1.el5] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0480-1 CVE-2012-1583 | Version: | 5 |
| Platform(s): | Oracle Linux 5 | Product(s): | kernel ocfs2 oracleasm kernel-PAE kernel-PAE-devel kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-headers kernel-xen kernel-xen-devel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27894 | |||
| Oval ID: | oval:org.mitre.oval:def:27894 | ||
| Title: | DEPRECATED: ELSA-2012-0128 -- httpd security update (moderate) | ||
| Description: | [2.2.15-15.0.1.el6_2.1] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-15.1] - add security fixes for CVE-2011-4317, CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787598) - obviates fix for CVE-2011-3638, patch removed | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0128 CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27912 | |||
| Oval ID: | oval:org.mitre.oval:def:27912 | ||
| Title: | DEPRECATED: ELSA-2012-0480 -- kernel security, bug fix, and enhancement update (important) | ||
| Description: | [2.6.18-308.4.1.el5] - [net] ipv6: fix skb double free in xfrm6_tunnel (Jiri Benc) [752305 743375] {CVE-2012-1583} [2.6.18-308.3.1.el5] - [net] be2net: cancel be_worker during EEH recovery (Ivan Vecera) [805462 773735] - [net] be2net: add vlan/rx-mode/flow-control config to be_setup (Ivan Vecera) [805462 773735] - [x86] disable TSC synchronization when using kvmclock (Marcelo Tosatti) [805460 799170] - [fs] vfs: fix LOOKUP_DIRECTORY not propagated to managed_dentry (Ian Kent) [801726 798809] - [fs] vfs: fix d_instantiate_unique (Ian Kent) [801726 798809] - [fs] nfs: allow high priority COMMITs to bypass inode commit lock (Jeff Layton) [799941 773777] - [fs] nfs: don't skip COMMITs if system under is mem pressure (Jeff Layton) [799941 773777] - [scsi] qla2xxx: Read the HCCR register to flush any PCIe writes (Chad Dupuis) [798748 772192] - [scsi] qla2xxx: Complete mbox cmd timeout before next reset cycle (Chad Dupuis) [798748 772192] - [s390] qdio: wrong buffers-used counter for ERROR buffers (Hendrik Brueckner) [801724 790840] - [net] bridge: Reset IPCB when entering IP stack (Herbert Xu) [804721 749813] - [fs] procfs: add hidepid= and gid= mount options (Jerome Marchand) [770649 770650] - [fs] procfs: parse mount options (Jerome Marchand) [770649 770650] [2.6.18-308.2.1.el5] - [fs] nfs: nfs_fhget should wait on I_NEW instead of I_LOCK (Sachin Prabhu) [795664 785062] | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0480 CVE-2012-1583 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2012-04-19 | OpenSSL ASN1 BIO Memory Corruption Vulnerability |
| 2011-12-09 | Apache HTTP Server Denial of Service |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
| 2012-09-10 | Name : Slackware Advisory SSA:2011-252-01 httpd File : nvt/esoft_slk_ssa_2011_252_01.nasl |
| 2012-09-10 | Name : Slackware Advisory SSA:2011-284-01 httpd File : nvt/esoft_slk_ssa_2011_284_01.nasl |
| 2012-09-10 | Name : Slackware Advisory SSA:2012-041-01 httpd File : nvt/esoft_slk_ssa_2012_041_01.nasl |
| 2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
| 2012-08-30 | Name : Fedora Update for openssl FEDORA-2012-4630 File : nvt/gb_fedora_2012_4630_openssl_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for openssl FEDORA-2012-6343 File : nvt/gb_fedora_2012_6343_openssl_fc17.nasl |
| 2012-08-10 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD19.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-15 (libpng) File : nvt/glsa_201206_15.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-25 (apache) File : nvt/glsa_201206_25.nasl |
| 2012-08-03 | Name : Mandriva Update for openssl MDVSA-2012:007 (openssl) File : nvt/gb_mandriva_MDVSA_2012_007.nasl |
| 2012-08-03 | Name : Mandriva Update for openssl MDVSA-2012:038 (openssl) File : nvt/gb_mandriva_MDVSA_2012_038.nasl |
| 2012-08-03 | Name : Mandriva Update for openssl MDVSA-2012:060 (openssl) File : nvt/gb_mandriva_MDVSA_2012_060.nasl |
| 2012-08-03 | Name : Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8) File : nvt/gb_mandriva_MDVSA_2012_064.nasl |
| 2012-08-02 | Name : SuSE Update for openssl openSUSE-SU-2012:0083-1 (openssl) File : nvt/gb_suse_2012_0083_1.nasl |
| 2012-08-02 | Name : SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2) File : nvt/gb_suse_2012_0314_1.nasl |
| 2012-07-30 | Name : CentOS Update for httpd CESA-2011:1245 centos4 x86_64 File : nvt/gb_CESA-2011_1245_httpd_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for httpd CESA-2011:1392 centos4 x86_64 File : nvt/gb_CESA-2011_1392_httpd_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for httpd CESA-2011:1392 centos5 x86_64 File : nvt/gb_CESA-2011_1392_httpd_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for openssl CESA-2012:0059 centos6 File : nvt/gb_CESA-2012_0059_openssl_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for openssl CESA-2012:0060 centos5 File : nvt/gb_CESA-2012_0060_openssl_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for openssl CESA-2012:0086 centos4 File : nvt/gb_CESA-2012_0086_openssl_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for httpd CESA-2012:0128 centos6 File : nvt/gb_CESA-2012_0128_httpd_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for openssl CESA-2012:0426 centos5 File : nvt/gb_CESA-2012_0426_openssl_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for openssl CESA-2012:0426 centos6 File : nvt/gb_CESA-2012_0426_openssl_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for kernel CESA-2012:0480 centos5 File : nvt/gb_CESA-2012_0480_kernel_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for openssl097a CESA-2012:0518 centos5 File : nvt/gb_CESA-2012_0518_openssl097a_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for openssl098e CESA-2012:0518 centos6 File : nvt/gb_CESA-2012_0518_openssl098e_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for openssl CESA-2012:0699 centos5 File : nvt/gb_CESA-2012_0699_openssl_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for openssl CESA-2012:0699 centos6 File : nvt/gb_CESA-2012_0699_openssl_centos6.nasl |
| 2012-07-09 | Name : RedHat Update for httpd RHSA-2011:1391-01 File : nvt/gb_RHSA-2011_1391-01_httpd.nasl |
| 2012-07-09 | Name : RedHat Update for openssl RHSA-2012:0059-01 File : nvt/gb_RHSA-2012_0059-01_openssl.nasl |
| 2012-07-09 | Name : RedHat Update for httpd RHSA-2012:0128-01 File : nvt/gb_RHSA-2012_0128-01_httpd.nasl |
| 2012-06-15 | Name : RedHat Update for kernel RHSA-2012:0480-01 File : nvt/gb_RHSA-2012_0480-01_kernel.nasl |
| 2012-06-04 | Name : Fedora Update for openssl FEDORA-2012-8014 File : nvt/gb_fedora_2012_8014_openssl_fc16.nasl |
| 2012-06-04 | Name : Fedora Update for openssl FEDORA-2012-8024 File : nvt/gb_fedora_2012_8024_openssl_fc15.nasl |
| 2012-06-01 | Name : RedHat Update for openssl RHSA-2012:0699-01 File : nvt/gb_RHSA-2012_0699-01_openssl.nasl |
| 2012-05-25 | Name : Ubuntu Update for openssl USN-1451-1 File : nvt/gb_ubuntu_USN_1451_1.nasl |
| 2012-05-11 | Name : Fedora Update for openssl FEDORA-2012-6395 File : nvt/gb_fedora_2012_6395_openssl_fc15.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2454-1 (openssl) File : nvt/deb_2454_1.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2454-2 (openssl) File : nvt/deb_2454_2.nasl |
| 2012-04-30 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl7.nasl |
| 2012-04-30 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl8.nasl |
| 2012-04-30 | Name : Fedora Update for openssl FEDORA-2012-6403 File : nvt/gb_fedora_2012_6403_openssl_fc16.nasl |
| 2012-04-26 | Name : RedHat Update for openssl RHSA-2012:0518-01 File : nvt/gb_RHSA-2012_0518-01_openssl.nasl |
| 2012-04-26 | Name : Fedora Update for libpng FEDORA-2012-5515 File : nvt/gb_fedora_2012_5515_libpng_fc15.nasl |
| 2012-04-26 | Name : Ubuntu Update for openssl USN-1428-1 File : nvt/gb_ubuntu_USN_1428_1.nasl |
| 2012-04-26 | Name : Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability File : nvt/secpod_apache_http_srv_cookie_info_disc_vuln.nasl |
| 2012-04-20 | Name : Ubuntu Update for openssl USN-1424-1 File : nvt/gb_ubuntu_USN_1424_1.nasl |
| 2012-04-13 | Name : Fedora Update for openssl FEDORA-2012-4659 File : nvt/gb_fedora_2012_4659_openssl_fc15.nasl |
| 2012-04-11 | Name : Fedora Update for openssl FEDORA-2012-4665 File : nvt/gb_fedora_2012_4665_openssl_fc16.nasl |
| 2012-04-11 | Name : Fedora Update for libpng10 FEDORA-2012-5079 File : nvt/gb_fedora_2012_5079_libpng10_fc15.nasl |
| 2012-04-02 | Name : Fedora Update for httpd FEDORA-2011-12667 File : nvt/gb_fedora_2011_12667_httpd_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for openssl FEDORA-2012-0232 File : nvt/gb_fedora_2012_0232_openssl_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for openssl FEDORA-2012-0708 File : nvt/gb_fedora_2012_0708_openssl_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for httpd FEDORA-2012-1598 File : nvt/gb_fedora_2012_1598_httpd_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for libpng10 FEDORA-2012-3536 File : nvt/gb_fedora_2012_3536_libpng10_fc15.nasl |
| 2012-04-02 | Name : Fedora Update for libpng FEDORA-2012-3705 File : nvt/gb_fedora_2012_3705_libpng_fc15.nasl |
| 2012-03-29 | Name : RedHat Update for openssl RHSA-2012:0426-01 File : nvt/gb_RHSA-2012_0426-01_openssl.nasl |
| 2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-12 (openssl) File : nvt/glsa_201203_12.nasl |
| 2012-03-07 | Name : Fedora Update for httpd FEDORA-2012-1642 File : nvt/gb_fedora_2012_1642_httpd_fc15.nasl |
| 2012-03-07 | Name : Fedora Update for libpng FEDORA-2012-1930 File : nvt/gb_fedora_2012_1930_libpng_fc15.nasl |
| 2012-03-07 | Name : Fedora Update for libpng10 FEDORA-2012-2008 File : nvt/gb_fedora_2012_2008_libpng10_fc15.nasl |
| 2012-02-27 | Name : RedHat Update for httpd RHSA-2012:0323-01 File : nvt/gb_RHSA-2012_0323-01_httpd.nasl |
| 2012-02-21 | Name : Ubuntu Update for apache2 USN-1368-1 File : nvt/gb_ubuntu_USN_1368_1.nasl |
| 2012-02-13 | Name : Debian Security Advisory DSA 2405-1 (apache2) File : nvt/deb_2405_1.nasl |
| 2012-02-13 | Name : Ubuntu Update for openssl USN-1357-1 File : nvt/gb_ubuntu_USN_1357_1.nasl |
| 2012-02-12 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache20.nasl |
| 2012-02-12 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl5.nasl |
| 2012-02-12 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl6.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2390-1 (openssl) File : nvt/deb_2390_1.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2392-1 (openssl) File : nvt/deb_2392_1.nasl |
| 2012-02-03 | Name : RedHat Update for openssl RHSA-2012:0086-01 File : nvt/gb_RHSA-2012_0086-01_openssl.nasl |
| 2012-02-03 | Name : Mandriva Update for apache MDVSA-2012:012 (apache) File : nvt/gb_mandriva_MDVSA_2012_012.nasl |
| 2012-02-01 | Name : Mandriva Update for openssl MDVSA-2012:011 (openssl) File : nvt/gb_mandriva_MDVSA_2012_011.nasl |
| 2012-01-25 | Name : RedHat Update for openssl RHSA-2012:0060-01 File : nvt/gb_RHSA-2012_0060-01_openssl.nasl |
| 2012-01-25 | Name : Fedora Update for openssl FEDORA-2012-0702 File : nvt/gb_fedora_2012_0702_openssl_fc15.nasl |
| 2012-01-20 | Name : Mandriva Update for openssl MDVSA-2012:006 (openssl) File : nvt/gb_mandriva_MDVSA_2012_006.nasl |
| 2012-01-20 | Name : OpenSSL Multiple Vulnerabilities File : nvt/gb_openssl_51281.nasl |
| 2012-01-16 | Name : Fedora Update for openssl FEDORA-2012-0250 File : nvt/gb_fedora_2012_0250_openssl_fc15.nasl |
| 2011-11-11 | Name : CentOS Update for httpd CESA-2011:1392 centos4 i386 File : nvt/gb_CESA-2011_1392_httpd_centos4_i386.nasl |
| 2011-11-11 | Name : Mandriva Update for apache MDVSA-2011:168 (apache) File : nvt/gb_mandriva_MDVSA_2011_168.nasl |
| 2011-10-21 | Name : CentOS Update for httpd CESA-2011:1392 centos5 i386 File : nvt/gb_CESA-2011_1392_httpd_centos5_i386.nasl |
| 2011-10-21 | Name : RedHat Update for httpd RHSA-2011:1392-01 File : nvt/gb_RHSA-2011_1392-01_httpd.nasl |
| 2011-10-21 | Name : Mandriva Update for libpng MDVSA-2011:151 (libpng) File : nvt/gb_mandriva_MDVSA_2011_151.nasl |
| 2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
| 2011-09-21 | Name : Debian Security Advisory DSA 2298-1 (apache2) File : nvt/deb_2298_1.nasl |
| 2011-09-21 | Name : Debian Security Advisory DSA 2298-2 (apache2) File : nvt/deb_2298_2.nasl |
| 2011-09-21 | Name : FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker File : nvt/freebsd_apache18.nasl |
| 2011-09-16 | Name : RedHat Update for httpd RHSA-2011:1294-01 File : nvt/gb_RHSA-2011_1294-01_httpd.nasl |
| 2011-09-16 | Name : Fedora Update for httpd FEDORA-2011-12715 File : nvt/gb_fedora_2011_12715_httpd_fc15.nasl |
| 2011-09-07 | Name : CentOS Update for httpd CESA-2011:1245 centos4 i386 File : nvt/gb_CESA-2011_1245_httpd_centos4_i386.nasl |
| 2011-09-07 | Name : RedHat Update for httpd RHSA-2011:1245-01 File : nvt/gb_RHSA-2011_1245-01_httpd.nasl |
| 2011-09-07 | Name : Mandriva Update for apache MDVSA-2011:130 (apache) File : nvt/gb_mandriva_MDVSA_2011_130.nasl |
| 2011-09-07 | Name : Ubuntu Update for apache2 USN-1199-1 File : nvt/gb_ubuntu_USN_1199_1.nasl |
| 2011-08-26 | Name : Apache httpd Web Server Range Header Denial of Service Vulnerability File : nvt/secpod_apache_http_srv_range_header_dos_vuln.nasl |
| 2011-08-07 | Name : Debian Security Advisory DSA 2287-1 (libpng) File : nvt/deb_2287_1.nasl |
| 2011-08-02 | Name : Fedora Update for libpng FEDORA-2011-9336 File : nvt/gb_fedora_2011_9336_libpng_fc14.nasl |
| 2011-07-27 | Name : Fedora Update for libpng10 FEDORA-2011-8844 File : nvt/gb_fedora_2011_8844_libpng10_fc15.nasl |
| 2011-07-27 | Name : Fedora Update for libpng10 FEDORA-2011-8867 File : nvt/gb_fedora_2011_8867_libpng10_fc14.nasl |
| 2011-07-22 | Name : Fedora Update for libpng FEDORA-2011-9343 File : nvt/gb_fedora_2011_9343_libpng_fc15.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 78556 | Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Dis... |
| 78320 | OpenSSL DTLS Remote DoS |
| 78190 | OpenSSL Server Gated Cryptograpy (SGC) Handshake Restart Handling Remote DoS |
| 78188 | OpenSSL SSL 3.0 Record Cipher Padding Uninitialized Memory Information Disclo... |
| 78186 | OpenSSL Datagram Transport Layer Security (DTLS) CBC Encryption Weakness Plai... |
| 74721 | Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server prior to version 2.2.20: http://seclists.org/fulldisclosure/2011/Aug/175 An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server. The default Apache httpd installations version 2.0 prior to 2.0.65 and version 2.2 prior to 2.2.20 are vulnerable. Apache 2.2.20 does fix this issue; however with a number of side effects (see release notes). Version 2.2.21 corrects a protocol defect in 2.2.20, and also introduces the MaxRanges directive. Version 2.0.65 includes fix for this vulnerability. Apache 1.3 is NOT vulnerable. However as explained in the background section in more detail - this attack does cause a significant and possibly unexpected load. You are advised to review your configuration in that light. |
| 73983 | libpng pngerror.c png_err Function NULL Argument PNG File Handling DoS |
| 73894 | Multiple Vendor SSL/TLS Implementation Renegotiation DoS Multiple products contain a flaw that may allow a remote denial of service. The issue is triggered when a malicious client requests multiple SSL/TLS renegotations, and will result in loss of availability for the service. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-02-28 | IAVM : 2013-A-0056 - VMware ESXi 3.5 and ESX 3.5 Memory Corruption Vulnerability Severity : Category I - VMSKEY : V0037066 |
| 2013-01-31 | IAVM : 2013-A-0027 - Multiple Vulnerabilities in Juniper Networks Steel Belted Radius Severity : Category I - VMSKEY : V0036639 |
| 2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
| 2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-04-05 | Apache HTTP server potential cookie disclosure attempt RuleID : 37968 - Revision : 1 - Type : SERVER-WEBAPP |
| 2014-01-10 | THC SSL renegotiation DOS attempt RuleID : 20439 - Revision : 6 - Type : MALWARE-TOOLS |
| 2014-01-10 | THC SSL renegotiation DOS attempt RuleID : 20438 - Revision : 6 - Type : MALWARE-TOOLS |
| 2014-01-10 | THC SSL renegotiation DOS attempt RuleID : 20437 - Revision : 6 - Type : MALWARE-TOOLS |
| 2014-01-10 | THC SSL renegotiation DOS attempt RuleID : 20436 - Revision : 6 - Type : MALWARE-TOOLS |
| 2014-01-10 | Apache Killer denial of service tool exploit attempt RuleID : 19825 - Revision : 13 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0003_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-0469-1.nasl - Type : ACT_GATHER_INFO |
| 2015-04-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16285.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_apache_20120420.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20120404.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20120523.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20120626.nasl - Type : ACT_GATHER_INFO |
| 2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10585.nasl - Type : ACT_GATHER_INFO |
| 2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO |
| 2014-12-05 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15889.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0109.nasl - Type : ACT_GATHER_INFO |
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0488.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0531.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0542.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-1.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13114.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15273.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15388.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15461.nasl - Type : ACT_GATHER_INFO |
| 2014-08-22 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-132.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-242.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-308.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-52.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-99.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-153.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_apache2-110831.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_apache2-111026.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libopenssl-devel-120111.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libpng12-110802.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libpng14-110802.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_apache2-110831.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_apache2-111026.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_apache2-201202-120216.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libopenssl-devel-120111.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libopenssl-devel-120206.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libpng12-110802.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libpng14-110802.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory3.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory4.nasl - Type : ACT_GATHER_INFO |
| 2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-09-27 | Name : The remote host has an application installed that is affected by multiple Ope... File : juniper_sbr_multiple.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-01.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-38.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-46.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-62.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-72.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-73.nasl - Type : ACT_GATHER_INFO |
| 2013-07-23 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_2_1_0.nasl - Type : ACT_GATHER_INFO |
| 2013-07-16 | Name : The remote web server is affected by several vulnerabilities. File : apache_2_0_65.nasl - Type : ACT_GATHER_INFO |
| 2013-07-16 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10580.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1245.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1391.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1392.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0059.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0060.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0086.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0128.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0323.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0426.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0480-1.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0480.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0518.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0699.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2011.nasl - Type : ACT_GATHER_INFO |
| 2013-06-05 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_4.nasl - Type : ACT_GATHER_INFO |
| 2013-06-05 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-002.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0003.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-120830.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-120503.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1294.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0522.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0720.nasl - Type : ACT_GATHER_INFO |
| 2012-11-26 | Name : The remote Fedora host is missing a security update. File : fedora_2012-18035.nasl - Type : ACT_GATHER_INFO |
| 2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_7_5.nasl - Type : ACT_GATHER_INFO |
| 2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-004.nasl - Type : ACT_GATHER_INFO |
| 2012-09-12 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-8262.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-007.nasl - Type : ACT_GATHER_INFO |
| 2012-08-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110831_httpd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111020_httpd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111020_httpd_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120124_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120124_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120201_openssl_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_httpd_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120221_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120327_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120417_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120424_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120529_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-07-17 | Name : The remote router has a memory corruption vulnerability. File : juniper_psn-2012-07-645.nasl - Type : ACT_GATHER_INFO |
| 2012-07-05 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_1_1_1.nasl - Type : ACT_GATHER_INFO |
| 2012-06-28 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2ae114dec06411e1b5e0000c299b62e1.nasl - Type : ACT_GATHER_INFO |
| 2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-15.nasl - Type : ACT_GATHER_INFO |
| 2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-25.nasl - Type : ACT_GATHER_INFO |
| 2012-05-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0699.nasl - Type : ACT_GATHER_INFO |
| 2012-05-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0699.nasl - Type : ACT_GATHER_INFO |
| 2012-05-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1451-1.nasl - Type : ACT_GATHER_INFO |
| 2012-05-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8112.nasl - Type : ACT_GATHER_INFO |
| 2012-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6395.nasl - Type : ACT_GATHER_INFO |
| 2012-04-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6403.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6343.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0518.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-064.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0518.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1428-1.nasl - Type : ACT_GATHER_INFO |
| 2012-04-24 | Name : The remote host may be affected by a memory corruption vulnerability. File : openssl_0_9_8v.nasl - Type : ACT_GATHER_INFO |
| 2012-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7184f92e8bb811e18d7b003067b2972c.nasl - Type : ACT_GATHER_INFO |
| 2012-04-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2454.nasl - Type : ACT_GATHER_INFO |
| 2012-04-20 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO |
| 2012-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-060.nasl - Type : ACT_GATHER_INFO |
| 2012-04-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1424-1.nasl - Type : ACT_GATHER_INFO |
| 2012-04-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0480.nasl - Type : ACT_GATHER_INFO |
| 2012-04-19 | Name : The remote host may be affected by a memory corruption vulnerability. File : openssl_1_0_0i.nasl - Type : ACT_GATHER_INFO |
| 2012-04-19 | Name : The remote host may be affected by a memory corruption vulnerability. File : openssl_1_0_1a.nasl - Type : ACT_GATHER_INFO |
| 2012-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0480.nasl - Type : ACT_GATHER_INFO |
| 2012-04-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4630.nasl - Type : ACT_GATHER_INFO |
| 2012-04-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4659.nasl - Type : ACT_GATHER_INFO |
| 2012-04-11 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4665.nasl - Type : ACT_GATHER_INFO |
| 2012-04-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-120327.nasl - Type : ACT_GATHER_INFO |
| 2012-04-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-120328.nasl - Type : ACT_GATHER_INFO |
| 2012-04-02 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_0_9_8u.nasl - Type : ACT_GATHER_INFO |
| 2012-04-02 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_0h.nasl - Type : ACT_GATHER_INFO |
| 2012-03-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0426.nasl - Type : ACT_GATHER_INFO |
| 2012-03-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0426.nasl - Type : ACT_GATHER_INFO |
| 2012-03-27 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-038.nasl - Type : ACT_GATHER_INFO |
| 2012-03-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_60eb344e6eb111e18ad700e0815b8da8.nasl - Type : ACT_GATHER_INFO |
| 2012-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1642.nasl - Type : ACT_GATHER_INFO |
| 2012-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-12.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-201202-7972.nasl - Type : ACT_GATHER_INFO |
| 2012-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0323.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1598.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-201202-120203.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-120209.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7961.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1368-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0128.nasl - Type : ACT_GATHER_INFO |
| 2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0128.nasl - Type : ACT_GATHER_INFO |
| 2012-02-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-041-01.nasl - Type : ACT_GATHER_INFO |
| 2012-02-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1357-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2405.nasl - Type : ACT_GATHER_INFO |
| 2012-02-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0086.nasl - Type : ACT_GATHER_INFO |
| 2012-02-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-012.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_2_22.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The web server running on the remote host is affected by an information discl... File : apache_httponly_info_leak.nasl - Type : ACT_ATTACK |
| 2012-02-02 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4b7dbfab4c6b11e1bc160023ae8e59f0.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0086.nasl - Type : ACT_GATHER_INFO |
| 2012-01-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0059.nasl - Type : ACT_GATHER_INFO |
| 2012-01-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-011.nasl - Type : ACT_GATHER_INFO |
| 2012-01-27 | Name : The remote host may be affected by a denial of service vulnerability. File : openssl_0_9_8t.nasl - Type : ACT_GATHER_INFO |
| 2012-01-27 | Name : The remote host may be affected by a denial of service vulnerability. File : openssl_1_0_0g.nasl - Type : ACT_GATHER_INFO |
| 2012-01-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0060.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0702.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0059.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0060.nasl - Type : ACT_GATHER_INFO |
| 2012-01-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2392.nasl - Type : ACT_GATHER_INFO |
| 2012-01-23 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0708.nasl - Type : ACT_GATHER_INFO |
| 2012-01-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5c5f19ce43af11e189b4001ec9578670.nasl - Type : ACT_GATHER_INFO |
| 2012-01-19 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_6_1_0_41.nasl - Type : ACT_GATHER_INFO |
| 2012-01-17 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-006.nasl - Type : ACT_GATHER_INFO |
| 2012-01-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-120111.nasl - Type : ACT_GATHER_INFO |
| 2012-01-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7923.nasl - Type : ACT_GATHER_INFO |
| 2012-01-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2390.nasl - Type : ACT_GATHER_INFO |
| 2012-01-16 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0250.nasl - Type : ACT_GATHER_INFO |
| 2012-01-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_78cc8a463e5611e189b4001ec9578670.nasl - Type : ACT_GATHER_INFO |
| 2012-01-11 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0232.nasl - Type : ACT_GATHER_INFO |
| 2012-01-09 | Name : The remote web server has multiple SSL-related vulnerabilities. File : openssl_0_9_8s.nasl - Type : ACT_GATHER_INFO |
| 2012-01-09 | Name : The remote web server is affected by multiple SSL-related vulnerabilities. File : openssl_1_0_0f.nasl - Type : ACT_GATHER_INFO |
| 2011-12-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-7882.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-110831.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-111026.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-111130.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-7722.nasl - Type : ACT_GATHER_INFO |
| 2011-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-168.nasl - Type : ACT_GATHER_INFO |
| 2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-7721.nasl - Type : ACT_GATHER_INFO |
| 2011-10-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1392.nasl - Type : ACT_GATHER_INFO |
| 2011-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1391.nasl - Type : ACT_GATHER_INFO |
| 2011-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1392.nasl - Type : ACT_GATHER_INFO |
| 2011-10-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-151.nasl - Type : ACT_GATHER_INFO |
| 2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_2.nasl - Type : ACT_GATHER_INFO |
| 2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
| 2011-10-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-12667.nasl - Type : ACT_GATHER_INFO |
| 2011-09-30 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_1.nasl - Type : ACT_GATHER_INFO |
| 2011-09-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-12715.nasl - Type : ACT_GATHER_INFO |
| 2011-09-12 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-252-01.nasl - Type : ACT_GATHER_INFO |
| 2011-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-130.nasl - Type : ACT_GATHER_INFO |
| 2011-09-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1245.nasl - Type : ACT_GATHER_INFO |
| 2011-09-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1199-1.nasl - Type : ACT_GATHER_INFO |
| 2011-09-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1245.nasl - Type : ACT_GATHER_INFO |
| 2011-08-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7f6108d2cea811e09d580800279895ea.nasl - Type : ACT_GATHER_INFO |
| 2011-08-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2298.nasl - Type : ACT_GATHER_INFO |
| 2011-08-25 | Name : The web server running on the remote host is affected by a denial of service ... File : apache_range_dos.nasl - Type : ACT_ATTACK |
| 2011-08-18 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12815.nasl - Type : ACT_GATHER_INFO |
| 2011-08-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-devel-110802.nasl - Type : ACT_GATHER_INFO |
| 2011-08-01 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9336.nasl - Type : ACT_GATHER_INFO |
| 2011-07-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2287.nasl - Type : ACT_GATHER_INFO |
| 2011-07-25 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8844.nasl - Type : ACT_GATHER_INFO |
| 2011-07-25 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8867.nasl - Type : ACT_GATHER_INFO |
| 2011-07-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9343.nasl - Type : ACT_GATHER_INFO |
