Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification
Informations
Name HPSBOV02762 SSRT100825 First vendor Publication 2012-04-16
Vendor HP Last vendor Modification 2012-04-16
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281831

CWE : Common Weakness Enumeration

% Id Name
29 % CWE-264 Permissions, Privileges, and Access Controls
21 % CWE-200 Information Exposure
14 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
14 % CWE-20 Improper Input Validation
7 % CWE-310 Cryptographic Issues
7 % CWE-255 Credentials Management
7 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10088
 
Oval ID: oval:org.mitre.oval:def:10088
Title: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3555
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10231
 
Oval ID: oval:org.mitre.oval:def:10231
Title: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0033
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11041
 
Oval ID: oval:org.mitre.oval:def:11041
Title: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
Description: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0781
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11578
 
Oval ID: oval:org.mitre.oval:def:11578
Title: Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3555
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11617
 
Oval ID: oval:org.mitre.oval:def:11617
Title: AIX OpenSSL session renegotiation vulnerability
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3555
Version: 3
Platform(s): IBM AIX 5.2
IBM AIX 5.3
IBM AIX 6.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12662
 
Oval ID: oval:org.mitre.oval:def:12662
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12745
 
Oval ID: oval:org.mitre.oval:def:12745
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12879
 
Oval ID: oval:org.mitre.oval:def:12879
Title: DSA-2161-1 openjdk-6 -- denial of service
Description: It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
Family: unix Class: patch
Reference(s): DSA-2161-1
CVE-2010-4476
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12995
 
Oval ID: oval:org.mitre.oval:def:12995
Title: USN-899-1 -- tomcat6 vulnerabilities
Description: It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted.
Family: unix Class: patch
Reference(s): USN-899-1
CVE-2009-2693
CVE-2009-2901
CVE-2009-2902
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13085
 
Oval ID: oval:org.mitre.oval:def:13085
Title: USN-927-1 -- nss vulnerability
Description: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
Family: unix Class: patch
Reference(s): USN-927-1
CVE-2009-3555
Version: 5
Platform(s): Ubuntu 9.10
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13424
 
Oval ID: oval:org.mitre.oval:def:13424
Title: USN-990-1 -- openssl vulnerability
Description: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it. ATTENTION: After applying this update, a patched server will allow both patched and unpatched clients to connect, but unpatched clients will not be able to renegotiate
Family: unix Class: patch
Reference(s): USN-990-1
CVE-2009-3555
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13440
 
Oval ID: oval:org.mitre.oval:def:13440
Title: USN-927-4 -- nss vulnerability
Description: USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
Family: unix Class: patch
Reference(s): USN-927-4
CVE-2009-3555
Version: 5
Platform(s): Ubuntu 8.04
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13529
 
Oval ID: oval:org.mitre.oval:def:13529
Title: USN-990-2 -- apache2 vulnerability
Description: USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.
Family: unix Class: patch
Reference(s): USN-990-2
CVE-2009-3555
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13532
 
Oval ID: oval:org.mitre.oval:def:13532
Title: USN-927-6 -- nss vulnerability
Description: USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
Family: unix Class: patch
Reference(s): USN-927-6
CVE-2009-3555
Version: 5
Platform(s): Ubuntu 9.04
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13623
 
Oval ID: oval:org.mitre.oval:def:13623
Title: DSA-1934-1 apache2 -- multiple issues
Description: A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations: - - The "SSLVerifyClient" directive is used in a Directory or Location context. - - The "SSLCipherSuite" directive is used in a Directory or Location context. As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: CVE-2009-3094: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service via a malformed reply to an EPSV command. CVE-2009-3095: Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. For the stable distribution, these problems have been fixed in version 2.2.9-10+lenny6. This version also includes some non-security bug fixes that were scheduled for inclusion in the next stable point release. The oldstable distribution, these problems have been fixed in version 2.2.3-4+etch11. For the testing distribution and the unstable distribution, these problems will be fixed in version 2.2.14-2. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. Updated apache2-mpm-itk packages for the armel architecture are not included yet. They will be released as soon as they become available. We recommend that you upgrade your apache2 and apache2-mpm-itk packages.
Family: unix Class: patch
Reference(s): DSA-1934-1
CVE-2009-3094
CVE-2009-3095
CVE-2009-3555
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14328
 
Oval ID: oval:org.mitre.oval:def:14328
Title: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4476
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14573
 
Oval ID: oval:org.mitre.oval:def:14573
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2526
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14589
 
Oval ID: oval:org.mitre.oval:def:14589
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14743
 
Oval ID: oval:org.mitre.oval:def:14743
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2729
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14931
 
Oval ID: oval:org.mitre.oval:def:14931
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2204
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14933
 
Oval ID: oval:org.mitre.oval:def:14933
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3190
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15171
 
Oval ID: oval:org.mitre.oval:def:15171
Title: USN-1298-1 -- Apache Commons Daemon vulnerability
Description: commons-daemon: wrapper to launch Java applications as daemons Apache Commons Daemon would allow unintended access to files over the network.
Family: unix Class: patch
Reference(s): USN-1298-1
CVE-2011-2729
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15435
 
Oval ID: oval:org.mitre.oval:def:15435
Title: USN-1252-1 -- Tomcat vulnerabilities
Description: tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information over the network.
Family: unix Class: patch
Reference(s): USN-1252-1
CVE-2011-1184
CVE-2011-2204
CVE-2011-2526
CVE-2011-3190
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 10.10
Product(s): Tomcat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18915
 
Oval ID: oval:org.mitre.oval:def:18915
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0580
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19110
 
Oval ID: oval:org.mitre.oval:def:19110
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0033
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19169
 
Oval ID: oval:org.mitre.oval:def:19169
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1184
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19345
 
Oval ID: oval:org.mitre.oval:def:19345
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0781
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19355
 
Oval ID: oval:org.mitre.oval:def:19355
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2693
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19414
 
Oval ID: oval:org.mitre.oval:def:19414
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3548
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19431
 
Oval ID: oval:org.mitre.oval:def:19431
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2902
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19450
 
Oval ID: oval:org.mitre.oval:def:19450
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2729
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19465
 
Oval ID: oval:org.mitre.oval:def:19465
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3190
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19492
 
Oval ID: oval:org.mitre.oval:def:19492
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1157
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19493
 
Oval ID: oval:org.mitre.oval:def:19493
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19514
 
Oval ID: oval:org.mitre.oval:def:19514
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2526
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19532
 
Oval ID: oval:org.mitre.oval:def:19532
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2204
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19631
 
Oval ID: oval:org.mitre.oval:def:19631
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2902
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19852
 
Oval ID: oval:org.mitre.oval:def:19852
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1157
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20357
 
Oval ID: oval:org.mitre.oval:def:20357
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3555
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20399
 
Oval ID: oval:org.mitre.oval:def:20399
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2901
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20415
 
Oval ID: oval:org.mitre.oval:def:20415
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3548
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20429
 
Oval ID: oval:org.mitre.oval:def:20429
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2693
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20649
 
Oval ID: oval:org.mitre.oval:def:20649
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20657
 
Oval ID: oval:org.mitre.oval:def:20657
Title: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
Description: Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3190
Version: 5
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21255
 
Oval ID: oval:org.mitre.oval:def:21255
Title: RHSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: patch
Reference(s): RHSA-2010:0155-01
CVE-2009-3555
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21273
 
Oval ID: oval:org.mitre.oval:def:21273
Title: RHSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0290-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21420
 
Oval ID: oval:org.mitre.oval:def:21420
Title: RHSA-2011:0336: tomcat5 security update (Important)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0336-01
CESA-2011:0336
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21587
 
Oval ID: oval:org.mitre.oval:def:21587
Title: RHSA-2010:0165: nss security update (Moderate)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: patch
Reference(s): RHSA-2010:0165-01
CESA-2010:0165
CVE-2009-3555
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): nspr
nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21713
 
Oval ID: oval:org.mitre.oval:def:21713
Title: RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0214-01
CVE-2010-4476
CESA-2011:0214-CentOS 5
Version: 6
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21809
 
Oval ID: oval:org.mitre.oval:def:21809
Title: RHSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0291-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21828
 
Oval ID: oval:org.mitre.oval:def:21828
Title: RHSA-2010:0166: gnutls security update (Moderate)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: patch
Reference(s): RHSA-2010:0166-01
CESA-2010:0166
CVE-2009-2409
CVE-2009-3555
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): gnutls
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21859
 
Oval ID: oval:org.mitre.oval:def:21859
Title: RHSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 250
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21877
 
Oval ID: oval:org.mitre.oval:def:21877
Title: RHSA-2010:0164: openssl097a security update (Moderate)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: patch
Reference(s): RHSA-2010:0164-01
CESA-2010:0164
CVE-2009-3555
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssl097a
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21907
 
Oval ID: oval:org.mitre.oval:def:21907
Title: RHSA-2011:0292: java-1.4.2-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0292-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22673
 
Oval ID: oval:org.mitre.oval:def:22673
Title: DEPRECATED: ELSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 82
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22820
 
Oval ID: oval:org.mitre.oval:def:22820
Title: ELSA-2009:1579: httpd security update (Moderate)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: patch
Reference(s): ELSA-2009:1579-02
CVE-2009-3094
CVE-2009-3095
CVE-2009-3555
Version: 17
Platform(s): Oracle Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22826
 
Oval ID: oval:org.mitre.oval:def:22826
Title: ELSA-2011:0292: java-1.4.2-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0292-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22836
 
Oval ID: oval:org.mitre.oval:def:22836
Title: DEPRECATED: ELSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0290-01
CVE-2010-4476
Version: 7
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22908
 
Oval ID: oval:org.mitre.oval:def:22908
Title: DEPRECATED: ELSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0291-01
CVE-2010-4476
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22913
 
Oval ID: oval:org.mitre.oval:def:22913
Title: ELSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: patch
Reference(s): ELSA-2010:0155-01
CVE-2009-3555
Version: 6
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22977
 
Oval ID: oval:org.mitre.oval:def:22977
Title: ELSA-2011:0336: tomcat5 security update (Important)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0336-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22993
 
Oval ID: oval:org.mitre.oval:def:22993
Title: ELSA-2010:0165: nss security update (Moderate)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: patch
Reference(s): ELSA-2010:0165-01
CVE-2009-3555
Version: 6
Platform(s): Oracle Linux 5
Product(s): nspr
nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23000
 
Oval ID: oval:org.mitre.oval:def:23000
Title: ELSA-2010:0166: gnutls security update (Moderate)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: patch
Reference(s): ELSA-2010:0166-01
CVE-2009-2409
CVE-2009-3555
Version: 13
Platform(s): Oracle Linux 5
Product(s): gnutls
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23090
 
Oval ID: oval:org.mitre.oval:def:23090
Title: ELSA-2010:0164: openssl097a security update (Moderate)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: patch
Reference(s): ELSA-2010:0164-01
CVE-2009-3555
Version: 6
Platform(s): Oracle Linux 5
Product(s): openssl097a
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23319
 
Oval ID: oval:org.mitre.oval:def:23319
Title: ELSA-2011:0214: java-1.6.0-openjdk security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0214-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23406
 
Oval ID: oval:org.mitre.oval:def:23406
Title: ELSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0290-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23595
 
Oval ID: oval:org.mitre.oval:def:23595
Title: ELSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0291-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23615
 
Oval ID: oval:org.mitre.oval:def:23615
Title: ELSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 81
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25097
 
Oval ID: oval:org.mitre.oval:def:25097
Title: Vulnerability in OpenSSL before 0.9.8i, allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3555
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27295
 
Oval ID: oval:org.mitre.oval:def:27295
Title: DEPRECATED: ELSA-2010-0164 -- openssl097a security update (moderate)
Description: [0.9.7a-9.2] - CVE-2009-3555 - support the secure renegotiation RFC (#533125)
Family: unix Class: patch
Reference(s): ELSA-2010-0164
CVE-2009-3555
Version: 4
Platform(s): Oracle Linux 5
Product(s): openssl097a
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27748
 
Oval ID: oval:org.mitre.oval:def:27748
Title: DEPRECATED: ELSA-2010-0162 -- openssl security update (important)
Description: [0.9.8e-12.6] - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) [0.9.8e-12.5] - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) [0.9.8e-12.4] - do not disable SSLv2 in the renegotiation patch - SSLv2 does not support renegotiation - allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT [0.9.8e-12.3] - mention the RFC5746 in the CVE-2009-3555 doc [0.9.8e-12.2] - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125)
Family: unix Class: patch
Reference(s): ELSA-2010-0162
CVE-2010-0433
CVE-2009-3245
CVE-2009-3555
Version: 4
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27881
 
Oval ID: oval:org.mitre.oval:def:27881
Title: DEPRECATED: ELSA-2010-0166 -- gnutls security update (moderate)
Description: [1.4.1-3.8] - fix safe renegotiation on SSL3 protocol [1.4.1-3.7] - implement safe renegotiation - CVE-2009-3555 (#533125) - do not allow MD2 in certificate signatures by default - CVE-2009-2409 (#510197)
Family: unix Class: patch
Reference(s): ELSA-2010-0166
CVE-2009-2409
CVE-2009-3555
Version: 4
Platform(s): Oracle Linux 5
Product(s): gnutls
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27948
 
Oval ID: oval:org.mitre.oval:def:27948
Title: DEPRECATED: ELSA-2011-0336 -- tomcat5 security update (important)
Description: [0:5.5.23-0jpp.17] - Resolves: rhbz 674599 JDK Double.parseDouble DoS
Family: unix Class: patch
Reference(s): ELSA-2011-0336
CVE-2010-4476
Version: 4
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28054
 
Oval ID: oval:org.mitre.oval:def:28054
Title: DEPRECATED: ELSA-2011-0214 -- java-1.6.0-openjdk security update (moderate)
Description: [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstrream - Resolves: rhbz#676295
Family: unix Class: patch
Reference(s): ELSA-2011-0214
CVE-2010-4476
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28188
 
Oval ID: oval:org.mitre.oval:def:28188
Title: DEPRECATED: ELSA-2010-0768 -- java-1.6.0-openjdk security and bug fix update (important)
Description: [1.6.0.0-1.16.b17.0.1.el5] - Add oracle-enterprise.patch [1.6.0.0-1.16.b17.el5] - Updated 1.7.5 tarball (contains additional security fixes) - Resolves: bz639951 [1.6.0.0-1.15.b17.el5] - Rebuild - Resolves: bz639951 [1.6.0.0-1.14.b17.el5] - Synched with el6 branch - Updated to IcedTea 1.7.5 - Resolves: bz639951 - Also resolves 619800 and 621303
Family: unix Class: patch
Reference(s): ELSA-2010-0768
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3551
CVE-2010-3553
CVE-2010-3554
CVE-2010-3557
CVE-2010-3561
CVE-2010-3562
CVE-2010-3564
CVE-2010-3565
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3573
CVE-2010-3574
CVE-2009-3555
Version: 4
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28269
 
Oval ID: oval:org.mitre.oval:def:28269
Title: DEPRECATED: ELSA-2010-0339 -- java-1.6.0-openjdk security update (important)
Description: [1:1.6.0.0-1.11.b16.0.1.el5] - Add oracle-enterprise.patch [1:1.6.0.0-1.11.b16.el5] - Remove javaws alternative due to conflict with java-1.6.0-sun's alternatives [1:1.6.0-1.10.b16] - Update to openjdk build b16 - Update to icedtea6-1.6 - Added tzdata-java requirement - Added autoconf and automake build requirement - Added tzdata-java requirement - Added java-1.6.0-openjdk-gcc-stack-markings.patch - Added java-1.6.0-openjdk-memory-barriers.patch - Added java-1.6.0-openjdk-jar-misc.patch - Added java-1.6.0-openjdk-linux-separate-debuginfo.patch - Added java-1.6.0-openjdk-securitypatches-20100323.patch - Added STRIP_KEEP_SYMTAB=libjvm* to install section, fix bz530402 - Resolves: rhbz#576124 [1:1.6.0-1.8.b09] - Added java-1.6.0-openjdk-debuginfo.patch - Added java-1.6.0-openjdk-elf-debuginfo.patch
Family: unix Class: patch
Reference(s): ELSA-2010-0339
CVE-2010-0082
CVE-2010-0084
CVE-2010-0085
CVE-2010-0088
CVE-2010-0091
CVE-2010-0092
CVE-2010-0093
CVE-2010-0094
CVE-2010-0095
CVE-2010-0837
CVE-2010-0838
CVE-2010-0840
CVE-2010-0845
CVE-2010-0847
CVE-2010-0848
CVE-2009-3555
Version: 4
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29317
 
Oval ID: oval:org.mitre.oval:def:29317
Title: RHSA-2009:1579 -- httpd security update (Moderate)
Description: Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555)
Family: unix Class: patch
Reference(s): RHSA-2009:1579
CESA-2009:1579-CentOS 3
CESA-2009:1579-CentOS 5
CVE-2009-3094
CVE-2009-3095
CVE-2009-3555
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
CentOS Linux 3
CentOS Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5739
 
Oval ID: oval:org.mitre.oval:def:5739
Title: HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0033
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6564
 
Oval ID: oval:org.mitre.oval:def:6564
Title: HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
Description: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0781
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6628
 
Oval ID: oval:org.mitre.oval:def:6628
Title: HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0580
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7017
 
Oval ID: oval:org.mitre.oval:def:7017
Title: HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2693
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7033
 
Oval ID: oval:org.mitre.oval:def:7033
Title: HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification
Description: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3548
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7092
 
Oval ID: oval:org.mitre.oval:def:7092
Title: HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2902
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7315
 
Oval ID: oval:org.mitre.oval:def:7315
Title: TLS/SSL Renegotiation Vulnerability
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3555
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7478
 
Oval ID: oval:org.mitre.oval:def:7478
Title: VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR.
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3555
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7973
 
Oval ID: oval:org.mitre.oval:def:7973
Title: Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3555
Version: 1
Platform(s): Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8201
 
Oval ID: oval:org.mitre.oval:def:8201
Title: DSA-1934 apache2 -- multiple issues
Description: A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate): As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch11.
Family: unix Class: patch
Reference(s): DSA-1934
CVE-2009-3094
CVE-2009-3095
CVE-2009-3555
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8366
 
Oval ID: oval:org.mitre.oval:def:8366
Title: HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3555
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8535
 
Oval ID: oval:org.mitre.oval:def:8535
Title: HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3555
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9101
 
Oval ID: oval:org.mitre.oval:def:9101
Title: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0580
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4
Application 177
Application 177
Application 134
Application 1
Application 32
Application 255
Application 321
Application 356
Application 105
Os 6
Os 5
Os 4

SAINT Exploits

Description Link
HP Performance Manager Apache Tomcat Policy Bypass More info here

ExploitDB Exploits

id Description
2010-04-22 Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure...
2009-12-21 TLS Renegotiation Vulnerability PoC Exploit

OpenVAS Exploits

Date Description
2012-08-14 Name : Fedora Update for tomcat6 FEDORA-2012-7593
File : nvt/gb_fedora_2012_7593_tomcat6_fc16.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS)
File : nvt/glsa_201206_18.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
File : nvt/glsa_201206_24.nasl
2012-08-02 Name : SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6)
File : nvt/gb_suse_2012_0208_1.nasl
2012-07-30 Name : CentOS Update for java CESA-2011:0214 centos5 x86_64
File : nvt/gb_CESA-2011_0214_java_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64
File : nvt/gb_CESA-2011_0336_tomcat5_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for tomcat6 CESA-2011:1780 centos6
File : nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64
File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for tomcat6 RHSA-2011:1780-01
File : nvt/gb_RHSA-2011_1780-01_tomcat6.nasl
2012-06-06 Name : RedHat Update for tomcat6 RHSA-2011:0335-01
File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl
2012-04-30 Name : Gentoo Security Advisory GLSA 201203-22 (nginx)
File : nvt/glsa_201203_22.nasl
2012-04-02 Name : Fedora Update for apache-commons-daemon FEDORA-2011-10880
File : nvt/gb_fedora_2011_10880_apache-commons-daemon_fc16.nasl
2012-04-02 Name : Fedora Update for tomcat6 FEDORA-2011-13426
File : nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-16 Name : VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, ...
File : nvt/gb_VMSA-2012-0005.nasl
2012-03-15 Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv...
File : nvt/gb_VMSA-2011-0013.nasl
2012-02-12 Name : Debian Security Advisory DSA 2401-1 (tomcat6)
File : nvt/deb_2401_1.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-05 (gnutls)
File : nvt/glsa_201110_05.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_201111_02.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2012-01-16 Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
File : nvt/gb_apache_tomcat_mult_security_bypass_vuln_win.nasl
2011-12-23 Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 i386
File : nvt/gb_CESA-2011_1845_tomcat5_centos5_i386.nasl
2011-12-23 Name : RedHat Update for tomcat5 RHSA-2011:1845-01
File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl
2011-12-16 Name : Ubuntu Update for commons-daemon USN-1298-1
File : nvt/gb_ubuntu_USN_1298_1.nasl
2011-11-11 Name : Fedora Update for tomcat6 FEDORA-2011-15005
File : nvt/gb_fedora_2011_15005_tomcat6_fc15.nasl
2011-11-11 Name : Ubuntu Update for tomcat6 USN-1252-1
File : nvt/gb_ubuntu_USN_1252_1.nasl
2011-10-21 Name : Fedora Update for tomcat6 FEDORA-2011-13456
File : nvt/gb_fedora_2011_13456_tomcat6_fc15.nasl
2011-10-21 Name : Fedora Update for tomcat6 FEDORA-2011-13457
File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl
2011-10-21 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638
File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl
2011-10-21 Name : Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2011_156.nasl
2011-10-20 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-09-09 Name : Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
File : nvt/gb_tomcat_48667.nasl
2011-09-08 Name : Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
File : nvt/gb_tomcat_48456.nasl
2011-09-08 Name : Apache Tomcat AJP Protocol Security Bypass Vulnerability
File : nvt/gb_tomcat_49353.nasl
2011-08-31 Name : Fedora Update for apache-commons-daemon FEDORA-2011-10936
File : nvt/gb_fedora_2011_10936_apache-commons-daemon_fc15.nasl
2011-08-29 Name : Java for Mac OS X 10.5 Update 9
File : nvt/secpod_macosx_java_10_5_upd_9.nasl
2011-08-29 Name : Java for Mac OS X 10.6 Update 4
File : nvt/secpod_macosx_java_10_6_upd_4.nasl
2011-08-17 Name : Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
File : nvt/gb_tomcat_49143.nasl
2011-08-12 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523
File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl
2011-08-09 Name : CentOS Update for tomcat5 CESA-2009:1164 centos5 i386
File : nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1579 centos3 i386
File : nvt/gb_CESA-2009_1579_httpd_centos3_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1579 centos5 i386
File : nvt/gb_CESA-2009_1579_httpd_centos5_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1580 centos4 i386
File : nvt/gb_CESA-2009_1580_httpd_centos4_i386.nasl
2011-08-09 Name : CentOS Update for openssl CESA-2010:0162 centos5 i386
File : nvt/gb_CESA-2010_0162_openssl_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openssl097a CESA-2010:0164 centos5 i386
File : nvt/gb_CESA-2010_0164_openssl097a_centos5_i386.nasl
2011-08-09 Name : CentOS Update for nspr CESA-2010:0165 centos5 i386
File : nvt/gb_CESA-2010_0165_nspr_centos5_i386.nasl
2011-08-09 Name : CentOS Update for gnutls CESA-2010:0166 centos5 i386
File : nvt/gb_CESA-2010_0166_gnutls_centos5_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2010:0339 centos5 i386
File : nvt/gb_CESA-2010_0339_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for tomcat5 CESA-2010:0580 centos5 i386
File : nvt/gb_CESA-2010_0580_tomcat5_centos5_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2010:0768 centos5 i386
File : nvt/gb_CESA-2010_0768_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2011:0214 centos5 i386
File : nvt/gb_CESA-2011_0214_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 i386
File : nvt/gb_CESA-2011_0336_tomcat5_centos5_i386.nasl
2011-06-20 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003
File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl
2011-06-20 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020
File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl
2011-06-06 Name : HP-UX Update for Java HPSBUX02685
File : nvt/gb_hp_ux_HPSBUX02685.nasl
2011-05-12 Name : Debian Security Advisory DSA 2207-1 (tomcat5.5)
File : nvt/deb_2207_1.nasl
2011-05-05 Name : HP-UX Update for Apache Web Server HPSBUX02645
File : nvt/gb_hp_ux_HPSBUX02645.nasl
2011-04-01 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2011_054.nasl
2011-03-15 Name : RedHat Update for tomcat5 RHSA-2011:0336-01
File : nvt/gb_RHSA-2011_0336-01_tomcat5.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_201006_18.nasl
2011-03-07 Name : Debian Security Advisory DSA 2161-1 (openjdk-6)
File : nvt/deb_2161_1.nasl
2011-03-07 Name : Debian Security Advisory DSA 2161-2 (openjdk-6)
File : nvt/deb_2161_2.nasl
2011-03-07 Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1
File : nvt/gb_ubuntu_USN_1079_1.nasl
2011-02-28 Name : SuSE Update for java-1_6_0-sun SUSE-SA:2011:010
File : nvt/gb_suse_2011_010.nasl
2011-02-28 Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_feb11.nasl
2011-02-18 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631
File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl
2011-02-18 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645
File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl
2011-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1231
File : nvt/gb_fedora_2011_1231_java-1.6.0-openjdk_fc13.nasl
2011-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1263
File : nvt/gb_fedora_2011_1263_java-1.6.0-openjdk_fc14.nasl
2011-02-11 Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01
File : nvt/gb_RHSA-2011_0214-01_java-1.6.0-openjdk.nasl
2011-01-04 Name : HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
File : nvt/gb_hp_ux_HPSBUX02579.nasl
2011-01-04 Name : HP-UX Update for Java HPSBUX02608
File : nvt/gb_hp_ux_HPSBUX02608.nasl
2010-12-02 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16312
File : nvt/gb_fedora_2010_16312_java-1.6.0-openjdk_fc14.nasl
2010-11-23 Name : Fedora Update for openssl FEDORA-2010-17826
File : nvt/gb_fedora_2010_17826_openssl_fc12.nasl
2010-11-16 Name : Fedora Update for nss FEDORA-2010-15989
File : nvt/gb_fedora_2010_15989_nss_fc12.nasl
2010-11-16 Name : Fedora Update for tomcat6 FEDORA-2010-16248
File : nvt/gb_fedora_2010_16248_tomcat6_fc12.nasl
2010-11-16 Name : Fedora Update for proftpd FEDORA-2010-17220
File : nvt/gb_fedora_2010_17220_proftpd_fc12.nasl
2010-11-04 Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1010-1
File : nvt/gb_ubuntu_USN_1010_1.nasl
2010-10-22 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240
File : nvt/gb_fedora_2010_16240_java-1.6.0-openjdk_fc12.nasl
2010-10-22 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294
File : nvt/gb_fedora_2010_16294_java-1.6.0-openjdk_fc13.nasl
2010-10-19 Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01
File : nvt/gb_RHSA-2010_0768-01_java-1.6.0-openjdk.nasl
2010-09-27 Name : Ubuntu Update for openssl vulnerability USN-990-1
File : nvt/gb_ubuntu_USN_990_1.nasl
2010-09-27 Name : Ubuntu Update for apache2 vulnerability USN-990-2
File : nvt/gb_ubuntu_USN_990_2.nasl
2010-09-14 Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2010_176.nasl
2010-09-14 Name : Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2010_177.nasl
2010-08-11 Name : Remote Code Execution Vulnerabilities in SChannel (980436)
File : nvt/secpod_ms10-049.nasl
2010-08-06 Name : RedHat Update for tomcat5 RHSA-2010:0580-01
File : nvt/gb_RHSA-2010_0580-01_tomcat5.nasl
2010-07-26 Name : Ubuntu Update for nss vulnerability USN-927-6
File : nvt/gb_ubuntu_USN_927_6.nasl
2010-07-02 Name : Ubuntu Update for nss vulnerability USN-927-4
File : nvt/gb_ubuntu_USN_927_4.nasl
2010-07-02 Name : Ubuntu Update for nspr update USN-927-5
File : nvt/gb_ubuntu_USN_927_5.nasl
2010-06-28 Name : Fedora Update for gnutls FEDORA-2010-9487
File : nvt/gb_fedora_2010_9487_gnutls_fc12.nasl
2010-06-25 Name : Fedora Update for openssl FEDORA-2010-9421
File : nvt/gb_fedora_2010_9421_openssl_fc11.nasl
2010-06-25 Name : Fedora Update for gnutls FEDORA-2010-9518
File : nvt/gb_fedora_2010_9518_gnutls_fc13.nasl
2010-06-23 Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02541
File : nvt/gb_hp_ux_HPSBUX02541.nasl
2010-06-18 Name : Fedora Update for openssl FEDORA-2010-9639
File : nvt/gb_fedora_2010_9639_openssl_fc12.nasl
2010-06-07 Name : Fedora Update for httpd FEDORA-2010-6055
File : nvt/gb_fedora_2010_6055_httpd_fc12.nasl
2010-06-07 Name : HP-UX Update for Java HPSBUX02524
File : nvt/gb_hp_ux_HPSBUX02524.nasl
2010-05-28 Name : Fedora Update for openssl FEDORA-2010-8742
File : nvt/gb_fedora_2010_8742_openssl_fc12.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 7
File : nvt/macosx_java_for_10_5_upd_7.nasl
2010-05-28 Name : Java for Mac OS X 10.6 Update 2
File : nvt/macosx_java_for_10_6_upd_2.nasl
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-05-07 Name : Fedora Update for httpd FEDORA-2010-6131
File : nvt/gb_fedora_2010_6131_httpd_fc11.nasl
2010-05-04 Name : FreeBSD Ports: tomcat
File : nvt/freebsd_tomcat.nasl
2010-04-30 Name : HP-UX Update for OpenSSL HPSBUX02517
File : nvt/gb_hp_ux_HPSBUX02517.nasl
2010-04-30 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2010_084.nasl
2010-04-29 Name : Mandriva Update for firefox MDVSA-2010:070-1 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_070_1.nasl
2010-04-29 Name : Mandriva Update for openssl MDVSA-2010:076-1 (openssl)
File : nvt/gb_mandriva_MDVSA_2010_076_1.nasl
2010-04-29 Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey,mozilla-nss SUSE-...
File : nvt/gb_suse_2010_021.nasl
2010-04-29 Name : Apache Tomcat Security bypass vulnerability
File : nvt/secpod_apache_tomcat_sec_bypass_vuln.nasl
2010-04-23 Name : Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnera...
File : nvt/gb_apache_tomcat_39635.nasl
2010-04-19 Name : Fedora Update for openssl FEDORA-2010-5357
File : nvt/gb_fedora_2010_5357_openssl_fc11.nasl
2010-04-19 Name : Mandriva Update for openssl MDVSA-2010:076 (openssl)
File : nvt/gb_mandriva_MDVSA_2010_076.nasl
2010-04-16 Name : Mandriva Update for firefox MDVSA-2010:070 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_070.nasl
2010-04-16 Name : Ubuntu Update for nss vulnerability USN-927-1
File : nvt/gb_ubuntu_USN_927_1.nasl
2010-04-09 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-6025
File : nvt/gb_fedora_2010_6025_java-1.6.0-openjdk_fc12.nasl
2010-04-09 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-6039
File : nvt/gb_fedora_2010_6039_java-1.6.0-openjdk_fc11.nasl
2010-04-09 Name : Mandriva Update for nss MDVSA-2010:069 (nss)
File : nvt/gb_mandriva_MDVSA_2010_069.nasl
2010-04-09 Name : Ubuntu Update for openjdk-6 vulnerabilities USN-923-1
File : nvt/gb_ubuntu_USN_923_1.nasl
2010-04-07 Name : Oracle Java SE Multiple Vulnerabilities (Linux)
File : nvt/gb_oracle_java_se_mult_vuln_lin_apr10.nasl
2010-04-07 Name : Oracle Java SE Multiple Vulnerabilities (Windows)
File : nvt/gb_oracle_java_se_mult_vuln_win_apr10.nasl
2010-04-06 Name : FreeBSD Ports: seamonkey
File : nvt/freebsd_seamonkey0.nasl
2010-04-06 Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0339-01
File : nvt/gb_RHSA-2010_0339-01_java-1.6.0-openjdk.nasl
2010-04-06 Name : Mac OS X Security Update 2010-001
File : nvt/macosx_secupd_2010-001.nasl
2010-03-31 Name : CentOS Update for openssl CESA-2010:0163 centos3 i386
File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl
2010-03-31 Name : CentOS Update for openssl CESA-2010:0163 centos4 i386
File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl
2010-03-31 Name : CentOS Update for nspr CESA-2010:0165 centos4 i386
File : nvt/gb_CESA-2010_0165_nspr_centos4_i386.nasl
2010-03-31 Name : CentOS Update for gnutls CESA-2010:0167 centos4 i386
File : nvt/gb_CESA-2010_0167_gnutls_centos4_i386.nasl
2010-03-31 Name : RedHat Update for openssl RHSA-2010:0162-01
File : nvt/gb_RHSA-2010_0162-01_openssl.nasl
2010-03-31 Name : RedHat Update for openssl RHSA-2010:0163-01
File : nvt/gb_RHSA-2010_0163-01_openssl.nasl
2010-03-31 Name : RedHat Update for openssl097a RHSA-2010:0164-01
File : nvt/gb_RHSA-2010_0164-01_openssl097a.nasl
2010-03-31 Name : RedHat Update for nss RHSA-2010:0165-01
File : nvt/gb_RHSA-2010_0165-01_nss.nasl
2010-03-31 Name : RedHat Update for gnutls RHSA-2010:0166-01
File : nvt/gb_RHSA-2010_0166-01_gnutls.nasl
2010-03-31 Name : RedHat Update for gnutls RHSA-2010:0167-01
File : nvt/gb_RHSA-2010_0167-01_gnutls.nasl
2010-03-31 Name : Fedora Update for nss FEDORA-2010-3905
File : nvt/gb_fedora_2010_3905_nss_fc11.nasl
2010-03-12 Name : Mandriva Update for cacti MDVA-2010:089 (cacti)
File : nvt/gb_mandriva_MDVA_2010_089.nasl
2010-03-02 Name : Fedora Update for httpd FEDORA-2009-12747
File : nvt/gb_fedora_2009_12747_httpd_fc11.nasl
2010-03-02 Name : Fedora Update for nss FEDORA-2010-1127
File : nvt/gb_fedora_2010_1127_nss_fc12.nasl
2010-03-02 Name : Mandriva Update for rsh MDVA-2010:076 (rsh)
File : nvt/gb_mandriva_MDVA_2010_076.nasl
2010-03-02 Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati)
File : nvt/gb_mandriva_MDVA_2010_084.nasl
2010-02-19 Name : Mandriva Update for mandriva-release MDVA-2010:069 (mandriva-release)
File : nvt/gb_mandriva_MDVA_2010_069.nasl
2010-02-15 Name : Ubuntu Update for tomcat6 vulnerabilities USN-899-1
File : nvt/gb_ubuntu_USN_899_1.nasl
2010-02-11 Name : Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
File : nvt/gb_ms_tls_ssl_spoofing_vuln.nasl
2010-01-28 Name : Apache Tomcat Multiple Vulnerabilities January 2010
File : nvt/apache_tomcat_multiple_vulnerabilities_jan_10.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-12229 (tomcat-native)
File : nvt/fcore_2009_12229.nasl
2009-12-30 Name : Fedora Core 11 FEDORA-2009-12305 (tomcat-native)
File : nvt/fcore_2009_12305.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-12606 (httpd)
File : nvt/fcore_2009_12606.nasl
2009-12-30 Name : Fedora Core 11 FEDORA-2009-13236 (proftpd)
File : nvt/fcore_2009_13236.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-13250 (proftpd)
File : nvt/fcore_2009_13250.nasl
2009-12-14 Name : Fedora Core 10 FEDORA-2009-12604 (httpd)
File : nvt/fcore_2009_12604.nasl
2009-12-14 Name : Fedora Core 12 FEDORA-2009-12968 (nss-util)
File : nvt/fcore_2009_12968.nasl
2009-12-14 Name : Gentoo Security Advisory GLSA 200912-01 (openssl)
File : nvt/glsa_200912_01.nasl
2009-12-10 Name : Fedora Core 12 FEDORA-2009-12750 (nginx)
File : nvt/fcore_2009_12750.nasl
2009-12-10 Name : Fedora Core 10 FEDORA-2009-12775 (nginx)
File : nvt/fcore_2009_12775.nasl
2009-12-10 Name : Fedora Core 11 FEDORA-2009-12782 (nginx)
File : nvt/fcore_2009_12782.nasl
2009-12-10 Name : FreeBSD Security Advisory (FreeBSD-SA-09:15.ssl.asc)
File : nvt/freebsdsa_ssl.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:323 (apache)
File : nvt/mdksa_2009_323.nasl
2009-12-03 Name : Fedora Core 12 FEDORA-2009-11352 (tomcat6)
File : nvt/fcore_2009_11352.nasl
2009-12-03 Name : Fedora Core 10 FEDORA-2009-11356 (tomcat6)
File : nvt/fcore_2009_11356.nasl
2009-12-03 Name : Fedora Core 11 FEDORA-2009-11374 (tomcat6)
File : nvt/fcore_2009_11374.nasl
2009-11-23 Name : SLES9: Security update for OpenSSL
File : nvt/sles9p5062661.nasl
2009-11-23 Name : SuSE Security Advisory SUSE-SA:2009:057 (openssl)
File : nvt/suse_sa_2009_057.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1579
File : nvt/RHSA_2009_1579.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1580
File : nvt/RHSA_2009_1580.nasl
2009-11-17 Name : CentOS Security Advisory CESA-2009:1579 (httpd)
File : nvt/ovcesa2009_1579.nasl
2009-11-17 Name : CentOS Security Advisory CESA-2009:1580 (httpd)
File : nvt/ovcesa2009_1580.nasl
2009-11-17 Name : Apache Tomcat Windows Installer Privilege Escalation Vulnerability
File : nvt/secpod_apache_tomcat_priv_esc_vuln_win.nasl
2009-11-17 Name : SLES10: Security update for OpenSSL
File : nvt/sles10_compat-openssl02.nasl
2009-11-17 Name : SLES10: Security update for OpenSSL
File : nvt/sles10_openssl3.nasl
2009-11-17 Name : SLES11: Security update for libopenssl
File : nvt/sles11_libopenssl0_9_82.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1562
File : nvt/RHSA_2009_1562.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1563
File : nvt/RHSA_2009_1563.nasl
2009-10-22 Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02466
File : nvt/gb_hp_ux_HPSBUX02466.nasl
2009-10-13 Name : SLES10: Security update for Tomcat 5
File : nvt/sles10_tomcat52.nasl
2009-10-13 Name : SLES10: Security update for Websphere Community Edition
File : nvt/sles10_websphere-as_ce.nasl
2009-10-11 Name : SLES11: Security update for Websphere Community Edition
File : nvt/sles11_websphere-as_ce.nasl
2009-10-10 Name : SLES9: Security update for Tomcat
File : nvt/sles9p5055024.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:163 (tomcat5)
File : nvt/mdksa_2009_163.nasl
2009-08-17 Name : CentOS Security Advisory CESA-2009:1164 (tomcat)
File : nvt/ovcesa2009_1164.nasl
2009-08-17 Name : SuSE Security Summary SUSE-SR:2009:013
File : nvt/suse_sr_2009_013.nasl
2009-07-29 Name : RedHat Security Advisory RHSA-2009:1164
File : nvt/RHSA_2009_1164.nasl
2009-07-06 Name : SuSE Security Summary SUSE-SR:2009:012
File : nvt/suse_sr_2009_012.nasl
2009-06-30 Name : Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
File : nvt/mdksa_2009_136.nasl
2009-06-30 Name : Mandrake Security Advisory MDVSA-2009:138 (tomcat5)
File : nvt/mdksa_2009_138.nasl
2009-06-30 Name : Ubuntu USN-789-1 (gst-plugins-good0.10)
File : nvt/ubuntu_789_1.nasl
2009-06-23 Name : Ubuntu USN-788-1 (tomcat6)
File : nvt/ubuntu_788_1.nasl
2009-06-16 Name : Apache Tomcat Multiple Vulnerabilities June-09
File : nvt/gb_apache_tomcat_mult_vuln_jun09.nasl
2009-03-18 Name : Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
File : nvt/gb_apache_tomcat_xss_vuln.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-320-01 openssl
File : nvt/esoft_slk_ssa_2009_320_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-067-01 httpd
File : nvt/esoft_slk_ssa_2010_067_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...

76189 Apache Tomcat HTTP DIGEST Authentication Weakness

75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection

74818 Apache Tomcat AJP Message Injection Authentication Bypass

Apache Tomcat contains a flaw related to the processing of certain requests. The issue is triggered when a remote attacker injects arbitrary AJP messages. This may disclose sensitive information to an attacker or allow them to bypass authentication.
74541 Apache Tomcat Commons Daemon Jsvc Permissions Weakness Arbitrary File Access

74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection

Hitachi Web Server contains a flaw related to the SSL protocol failing to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack.
73798 Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS

73797 Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Res...

73429 Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure

71961 Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...

Oracle Fusion Middleware contains a flaw related to the Oracle WebLogic Server component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack.
71951 Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...

Oracle Database and Fusion Middleware contain a flaw related to the Oracle Security Service component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack.
70965 Oracle Java SE / Java for Business Double.parseDouble Method Floating Point ...

Oracle Java SE and Java for Business contain a flaw that may allow a remote denial of service. The issue is triggered when the 'Double.parseDouble' method in JRE allows remote attackers to trigger an infinite loop with a crafted string, resulting in a denial of service.
70620 mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection

mGuard contains a flaw related to the TLS protocol's failure to properly associate renegotiation handshakes with an existing connection. The issue is triggered when a man-in-the-middle attacker uses unauthenticated requests processed retroactively. This may allow an attacker to inject data into HTTPS sessions.
70055 Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...

Oracle Supply Chain contains a flaw related to the Transportation Management component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack.
69561 IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex...

IBM WebSphere MQ Internet Pass-Thru contains a flaw related to the TLS Renegotiation Handshake protocol. The issue is triggered when a remote attacker uses a MiTM attack to insert arbitrary plaintext into data sent by a legitimate client.
69032 Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext...

Oracle Java SE and Java for Business contains a flaw related to the JSSE component. The application fails to properly associate renegotiation handshakes with an existing connection, allowing a MiTM attacker to use an unauthenticated request to insert data into HTTPS sessions, related to a 'plaintext injection' attack
67029 HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla...

66315 HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection

65202 OpenOffice.org (OOo) TLS Renegotiation Handshakes MiTM Plaintext Data Injection

64725 HP System Management Homepage (SMH) TLS Renegotiation Handshakes MiTM Plainte...

64499 ArubaOS HTTPS WebUI Admin Interface TLS Renegotiation Handshakes MiTM Plainte...

64040 IBM DB2 TLS Renegotiation Handshakes MiTM Plaintext Data Injection

64023 Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure

62877 SSH Tectia Audit Player TLS Renegotiation Handshakes MiTM Plaintext Data Inje...

62536 Blue Coat Products TLS Renegotiation Handshakes MiTM Plaintext Data Injection

62273 Opera TLS Renegotiation Handshakes MiTM Plaintext Data Injection

62210 Aruba Mobility Controller TLS Renegotiation Handshakes MiTM Plaintext Data In...

62135 Network Security Services (NSS) TLS Renegotiation Handshakes MiTM Plaintext D...

62064 IBM Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection

62054 Apache Tomcat WAR Filename Traversal Work-directory File Deletion

Apache Tomcat contains a flaw that allows a remote attacker to traverse outside of a restricted path of the host's work directory. The issue is due to Apache Tomcat not properly sanitizing the contents of a WAR file before it is deployed, which could be exploited by a directory traversal sequence in the file name(s) to delete and possibly create malicious files in the host's work directory.
62053 Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication...

62052 Apache Tomcat WAR File Traversal Arbitrary File Overwrite

Apache Tomcat contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via file names of files contained in a WAR file. This directory traversal attack would allow the attacker to create or overwrite arbitrary files.
61929 IBM WebSphere Application Server TLS Renegotiation Handshakes MiTM Plaintext ...

61785 Avaya Products Multiple Product TLS Renegotiation Handshakes MiTM Plaintext D...

61784 Sun Java System Multiple Product TLS Renegotiation Handshakes MiTM Plaintext ...

61718 IBM WebSphere DataPower TLS Renegotiation Handshakes MiTM Plaintext Data Inje...

61234 IBM SDK for Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection

60521 Ingate Firewall/SIParator SSL / TLS Renegotiation Handshakes MiTM Plaintext D...

60366 Cisco Multiple Devices TLS Renegotiation Handshakes MiTM Plaintext Data Injec...

60176 Apache Tomcat Windows Installer Admin Default Password

59974 MatrixSSL TLS Renegotiation Handshakes MiTM Plaintext Data Injection

59973 Citrix Secure Gateway TLS Renegotiation Handshakes MiTM Plaintext Data Injection

59972 GnuTLS TLS Renegotiation Handshakes MiTM Plaintext Data Injection

59971 OpenSSL TLS Renegotiation Handshakes MiTM Plaintext Data Injection

59970 Mozilla Network Security Services (NSS) SSL / TLS Renegotiation Handshakes Mi...

59969 Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext ...

59968 Microsoft Multiple Products SSL / TLS Renegotiation Handshakes MiTM Plaintext...

55055 Apache Tomcat Illegally URL Encoded Password Request Username Enumeration

55054 Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade...

52899 Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ...

Apache Tomcat Examples Web Application Calendar Application contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'time' parameter upon submission to the 'jsp/cal/cal2.jsp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-05-03 IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager
Severity : Category I - VMSKEY : V0032178
2012-04-05 IAVM : 2012-B-0038 - Multiple Vulnerabilities in HP Onboard Administrator
Severity : Category I - VMSKEY : V0031972
2011-12-15 IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0
Severity : Category I - VMSKEY : V0030824
2011-12-01 IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity : Category I - VMSKEY : V0030769
2011-05-12 IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Snort® IPS/IDS

Date Description
2014-01-10 Apache Tomcat Java AJP connector invalid header timeout denial of service att...
RuleID : 20613 - Revision : 2 - Type : SPECIFIC-THREATS
2014-01-10 Apache Tomcat Java AJP connector invalid header timeout DOS attempt
RuleID : 20612 - Revision : 10 - Type : SERVER-APACHE
2014-01-10 Java floating point number denial of service - via POST
RuleID : 18471 - Revision : 8 - Type : SERVER-WEBAPP
2014-01-10 Java floating point number denial of service - via URI
RuleID : 18470 - Revision : 9 - Type : SERVER-WEBAPP
2014-01-10 Apache Tomcat username enumeration attempt
RuleID : 18096 - Revision : 7 - Type : SERVER-APACHE
2014-01-10 HP Performance Manager Apache Tomcat policy bypass attempt
RuleID : 17156 - Revision : 8 - Type : SERVER-APACHE

Nessus® Vulnerability Scanner

Date Description
2018-04-03 Name : The remote web server may allow remote code execution.
File : iis_7_pci.nasl - Type : ACT_GATHER_INFO
2018-03-09 Name : The remote web server is affected by multiple vulnerabilities.
File : nginx_0_7_64.nasl - Type : ACT_GATHER_INFO
2017-11-17 Name : The remote host is affected by a MITM vulnerability.
File : fortios_FG-IR-17-137.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote VMware ESXi / ESX host is missing a security-related patch.
File : vmware_VMSA-2012-0005_remote.nasl - Type : ACT_GATHER_INFO
2016-01-25 Name : The remote Debian host is missing a security update.
File : debian_DLA-400.nasl - Type : ACT_GATHER_INFO
2015-05-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3253.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20140401.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0680.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0682.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL10737.nasl - Type : ACT_GATHER_INFO
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-883.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-884.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_gnutls-101025.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_gnutls-101206.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-100719.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110815.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_jakarta-commons-daemon-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_java-1_6_0-sun-110314.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-110815.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-120207.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_ssl_advisory.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201311-13.nasl - Type : ACT_GATHER_INFO
2013-09-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-15.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-25.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1164.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1579.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1580.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0162.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0164.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0165.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0166.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0167.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0333.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0339.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0768.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0335.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1780.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO
2013-06-05 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0005.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_feb_2011_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : oracle_java_cpu_mar_2010_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_oct_2010_unix.nasl - Type : ACT_GATHER_INFO
2013-02-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2626.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1143.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1144.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1145.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1146.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0584.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0074.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2012-7593.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090723_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_nss_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100325_openssl097a_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100331_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100331_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100802_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101013_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101014_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110210_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110217_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110309_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110309_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111205_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111220_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-18.nasl - Type : ACT_GATHER_INFO
2012-06-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO
2012-06-21 Name : The remote database server is affected by multiple denial of service vulnerab...
File : db2_9fp11.nasl - Type : ACT_GATHER_INFO
2012-06-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201203-22.nasl - Type : ACT_GATHER_INFO
2012-06-15 Name : The remote Windows host contains software that is affected by multiple vulner...
File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7036.nasl - Type : ACT_GATHER_INFO
2012-03-16 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO
2012-02-07 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_tomcat6-120206.nasl - Type : ACT_GATHER_INFO
2012-02-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2401.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2011-12-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO
2011-12-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2011-12-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-7443.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7689.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7756.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1298-1.nasl - Type : ACT_GATHER_INFO
2011-12-12 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_6_0_35.nasl - Type : ACT_GATHER_INFO
2011-12-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO
2011-11-23 Name : The remote database server is affected by multiple denial of service vulnerab...
File : db2_97fp5.nasl - Type : ACT_GATHER_INFO
2011-11-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15005.nasl - Type : ACT_GATHER_INFO
2011-11-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1252-1.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO
2011-10-28 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO
2011-10-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7755.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13456.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13426.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-156.nasl - Type : ACT_GATHER_INFO
2011-10-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO
2011-10-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-05.nasl - Type : ACT_GATHER_INFO
2011-09-26 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_5_5_34.nasl - Type : ACT_GATHER_INFO
2011-09-02 Name : The remote web server is affected by an authentication bypass vulnerability t...
File : tomcat_7_0_21.nasl - Type : ACT_GATHER_INFO
2011-09-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7688.nasl - Type : ACT_GATHER_INFO
2011-08-30 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_6_0_33.nasl - Type : ACT_GATHER_INFO
2011-08-29 Name : The remote Fedora host is missing a security update.
File : fedora_2011-10936.nasl - Type : ACT_GATHER_INFO
2011-08-24 Name : The remote Fedora host is missing a security update.
File : fedora_2011-10880.nasl - Type : ACT_GATHER_INFO
2011-08-16 Name : The remote web server is affected by an information disclosure vulnerability.
File : tomcat_7_0_20.nasl - Type : ACT_GATHER_INFO
2011-08-03 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_7_0_19.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote database server is affected by multiple vulnerabilities.
File : oracle_rdbms_cpu_apr_2011.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12706.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-110504.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_gnutls-101025.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_gnutls-101206.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_gnutls-101025.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_gnutls-101206.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12705.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2011-04-07 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_7_0_12.nasl - Type : ACT_GATHER_INFO
2011-03-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2207.nasl - Type : ACT_GATHER_INFO
2011-03-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-110307.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-7369.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12683.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-100407.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_websphere-as_ce-090619.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12682.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO
2011-03-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0335.nasl - Type : ACT_GATHER_INFO
2011-03-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2011-03-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update9.nasl - Type : ACT_GATHER_INFO
2011-03-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update4.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0290.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0291.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0292.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-sun-7342.nasl - Type : ACT_GATHER_INFO
2011-02-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0282.nasl - Type : ACT_GATHER_INFO
2011-02-16 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_feb_2011.nasl - Type : ACT_GATHER_INFO
2011-02-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2161.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1231.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1263.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gnutls-7299.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-sun-7204.nasl - Type : ACT_GATHER_INFO
2011-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-101220.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_java-1_4_2-ibm-100510.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-101112.nasl - Type : ACT_GATHER_INFO
2011-01-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2141.nasl - Type : ACT_GATHER_INFO
2010-12-17 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12658.nasl - Type : ACT_GATHER_INFO
2010-12-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0987.nasl - Type : ACT_GATHER_INFO
2010-12-16 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_gnutls-101206.nasl - Type : ACT_GATHER_INFO
2010-12-08 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-100406.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libfreebl3-100406.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-100331.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-100406.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-7205.nasl - Type : ACT_GATHER_INFO
2010-12-01 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12659.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0865.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1010-1.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0807.nasl - Type : ACT_GATHER_INFO
2010-10-22 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16240.nasl - Type : ACT_GATHER_INFO
2010-10-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO
2010-10-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0786.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote web server is affected by multiple vulnerabilities
File : apache_2_2_15.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16294.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update8.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update3.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16312.nasl - Type : ACT_GATHER_INFO
2010-10-15 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_oct_2010.nasl - Type : ACT_GATHER_INFO
2010-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0770.nasl - Type : ACT_GATHER_INFO
2010-10-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6979.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-6657.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-7077.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nss-6978.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6971.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6655.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6944.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-6839.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7099.nasl - Type : ACT_GATHER_INFO
2010-10-04 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO
2010-09-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-990-1.nasl - Type : ACT_GATHER_INFO
2010-09-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-990-2.nasl - Type : ACT_GATHER_INFO
2010-09-17 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_6_2_0_12.nasl - Type : ACT_GATHER_INFO
2010-09-16 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12625.nasl - Type : ACT_GATHER_INFO
2010-09-16 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_tomcat6-100719.nasl - Type : ACT_GATHER_INFO
2010-09-16 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_tomcat6-100719.nasl - Type : ACT_GATHER_INFO
2010-09-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-176.nasl - Type : ACT_GATHER_INFO
2010-09-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-177.nasl - Type : ACT_GATHER_INFO
2010-09-07 Name : The remote database server is affected by multiple vulnerabilities.
File : db2_95fp6.nasl - Type : ACT_GATHER_INFO
2010-08-11 Name : It may be possible to execute arbitrary code on the remote Windows host using...
File : smb_nt_ms10-049.nasl - Type : ACT_GATHER_INFO
2010-08-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_28.nasl - Type : ACT_GATHER_INFO
2010-08-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2010-08-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-927-6.nasl - Type : ACT_GATHER_INFO
2010-07-16 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_transfer_encoding.nasl - Type : ACT_ATTACK
2010-07-07 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12623.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12747.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1127.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-3905.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-3929.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-3956.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5357.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5942.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-6025.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-6039.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-6131.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-6279.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8742.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-9487.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-9518.nasl - Type : ACT_GATHER_INFO
2010-06-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-927-4.nasl - Type : ACT_GATHER_INFO
2010-06-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0339.nasl - Type : ACT_GATHER_INFO
2010-06-11 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12621.nasl - Type : ACT_GATHER_INFO
2010-06-07 Name : The remote Windows host has an application installed that is affected by mult...
File : openoffice_321.nasl - Type : ACT_GATHER_INFO
2010-06-04 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-18.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote database server is affected by multiple vulnerabilities.
File : db2_97fp2.nasl - Type : ACT_GATHER_INFO
2010-05-28 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_form_user_enum.nasl - Type : ACT_GATHER_INFO
2010-05-19 Name : The remote web server has multiple vulnerabilities.
File : hpsmh_6_1_0_102.nasl - Type : ACT_GATHER_INFO
2010-05-19 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update7.nasl - Type : ACT_GATHER_INFO
2010-05-19 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0155.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0164.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0165.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0167.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0333.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0337.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0338.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0339.nasl - Type : ACT_GATHER_INFO
2010-04-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-openjdk-100428.nasl - Type : ACT_GATHER_INFO
2010-04-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-100428.nasl - Type : ACT_GATHER_INFO
2010-04-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-openjdk-100412.nasl - Type : ACT_GATHER_INFO
2010-04-29 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO
2010-04-28 Name : The remote database server is affected by multiple issues.
File : db2_9fp9.nasl - Type : ACT_GATHER_INFO
2010-04-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7003.nasl - Type : ACT_GATHER_INFO
2010-04-26 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3383e7064fc311df83fb0015587e2cc1.nasl - Type : ACT_GATHER_INFO
2010-04-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-076.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-070.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_firefox35upgrade-100407.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-branding-openSUSE-100413.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_firefox35upgrade-100407.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-100412.nasl - Type : ACT_GATHER_INFO
2010-04-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libfreebl3-100407.nasl - Type : ACT_GATHER_INFO
2010-04-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libfreebl3-100407.nasl - Type : ACT_GATHER_INFO
2010-04-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-100406.nasl - Type : ACT_GATHER_INFO
2010-04-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libfreebl3-100406.nasl - Type : ACT_GATHER_INFO
2010-04-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-100406.nasl - Type : ACT_GATHER_INFO
2010-04-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6970.nasl - Type : ACT_GATHER_INFO
2010-04-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-6977.nasl - Type : ACT_GATHER_INFO
2010-04-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6976.nasl - Type : ACT_GATHER_INFO
2010-04-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-927-1.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0333.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-069.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12585.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_tomcat6-100216.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-100331.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_tomcat6-100211.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libopenssl-devel-100401.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_tomcat6-100210.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote SuSE system is missing the security patch tomcat5-6841
File : suse_tomcat5-6841.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-923-1.nasl - Type : ACT_GATHER_INFO
2010-04-02 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12606.nasl - Type : ACT_GATHER_INFO
2010-03-31 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_9ccfee393c3b11df9edc000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-03-31 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_359.nasl - Type : ACT_GATHER_INFO
2010-03-31 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_304.nasl - Type : ACT_GATHER_INFO
2010-03-31 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_204.nasl - Type : ACT_GATHER_INFO
2010-03-31 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6943.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : oracle_java_cpu_mar_2010.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0164.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0165.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0167.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2010-03-23 Name : The remote Windows host contains a web browser that is affected by Multiple V...
File : mozilla_firefox_362.nasl - Type : ACT_GATHER_INFO
2010-03-11 Name : The remote web server has multiple SSL-related vulnerabilities.
File : openssl_0_9_8m.nasl - Type : ACT_GATHER_INFO
2010-03-09 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-067-01.nasl - Type : ACT_GATHER_INFO
2010-03-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0130.nasl - Type : ACT_GATHER_INFO
2010-03-02 Name : The remote host contains a web browser that is affected by multiple issues.
File : opera_1050.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1934.nasl - Type : ACT_GATHER_INFO
2010-02-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-899-1.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The web server running on the remote host is affected by multiple vulnerabili...
File : tomcat_war_deploy_multiple_vulnerabilities.nasl - Type : ACT_GATHER_INFO
2010-01-20 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-001.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1616.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1617.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO
2009-12-28 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13236.nasl - Type : ACT_GATHER_INFO
2009-12-28 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13250.nasl - Type : ACT_GATHER_INFO
2009-12-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO
2009-12-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-337.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12229.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12305.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12606.nasl - Type : ACT_GATHER_INFO
2009-12-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12604.nasl - Type : ACT_GATHER_INFO
2009-12-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12968.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12750.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12775.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12782.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO
2009-12-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11352.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11356.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11374.nasl - Type : ACT_GATHER_INFO
2009-11-24 Name : The remote service allows insecure renegotiation of TLS / SSL connections.
File : ssl_renegotiation.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libopenssl-devel-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-860-1.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12550.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-6656.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6654.nasl - Type : ACT_GATHER_INFO
2009-11-17 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-320-01.nasl - Type : ACT_GATHER_INFO
2009-11-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO
2009-11-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO
2009-11-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO
2009-11-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-295.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_tomcat55-6369.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12460.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_websphere-as_ce-090620.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-6352.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_websphere-as_ce-6312.nasl - Type : ACT_GATHER_INFO
2009-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_tomcat6-090613.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_tomcat6-090613.nasl - Type : ACT_GATHER_INFO
2009-06-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-136.nasl - Type : ACT_GATHER_INFO
2009-06-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-138.nasl - Type : ACT_GATHER_INFO
2009-06-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-788-1.nasl - Type : ACT_GATHER_INFO
2009-03-09 Name : The remote web server contains a JSP application that is affected by a cross-...
File : tomcat_sample_cal2_xss2.nasl - Type : ACT_ATTACK
2009-01-19 Name : The remote host is missing Sun Security Patch number 128640-30
File : solaris10_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128641-30
File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128640-30
File : solaris9_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128641-30
File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO
2008-11-26 Name : The management console for the remote web server is protected using a known s...
File : tomcat_manager_common_creds.nasl - Type : ACT_ATTACK
2007-10-12 Name : The remote host is missing Sun Security Patch number 125437-22
File : solaris10_125437.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125438-22
File : solaris10_x86_125438.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125437-22
File : solaris8_125437.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125437-22
File : solaris9_125437.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125438-22
File : solaris9_x86_125438.nasl - Type : ACT_GATHER_INFO