Executive Summary
Summary | |
---|---|
Title | HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS) |
Information | |||
---|---|---|---|
Name | HPSBUX02645 SSRT100387 | First vendor Publication | 2011-03-29 |
Vendor | HP | Last vendor Modification | 2011-03-29 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to disclose information, allow cross-site scripting (XSS), or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02752210 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10613 | |||
Oval ID: | oval:org.mitre.oval:def:10613 | ||
Title: | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. | ||
Description: | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3560 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11019 | |||
Oval ID: | oval:org.mitre.oval:def:11019 | ||
Title: | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | ||
Description: | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3720 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12456 | |||
Oval ID: | oval:org.mitre.oval:def:12456 | ||
Title: | DSA-2117-1 apr-util -- denial of service | ||
Description: | APR-util is part of the Apache Portable Runtime library which is used by projects such as Apache httpd and Subversion. Jeff Trawick discovered a flaw in the apr_brigade_split_line function in apr-util. A remote attacker could send crafted http requests to cause a greatly increased memory consumption in Apache httpd, resulting in a denial of service. This upgrade fixes this issue. After the upgrade, any running apache2 server processes need to be restarted. For the stable distribution, this problem has been fixed in version 1.2.12+dfsg-8+lenny5. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.3.9+dfsg-4. We recommend that you upgrade your apr-util packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2117-1 CVE-2010-1623 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | apr-util |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12879 | |||
Oval ID: | oval:org.mitre.oval:def:12879 | ||
Title: | DSA-2161-1 openjdk-6 -- denial of service | ||
Description: | It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2161-1 CVE-2010-4476 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13090 | |||
Oval ID: | oval:org.mitre.oval:def:13090 | ||
Title: | USN-890-6 -- cmake vulnerabilities | ||
Description: | USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash | ||
Family: | unix | Class: | patch |
Reference(s): | USN-890-6 CVE-2009-2625 CVE-2009-3720 CVE-2009-3560 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | cmake |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13120 | |||
Oval ID: | oval:org.mitre.oval:def:13120 | ||
Title: | USN-890-5 -- xmlrpc-c vulnerabilities | ||
Description: | USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash | ||
Family: | unix | Class: | patch |
Reference(s): | USN-890-5 CVE-2009-2625 CVE-2009-3720 CVE-2009-3560 | Version: | 5 |
Platform(s): | Ubuntu 9.10 | Product(s): | xmlrpc-c |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13155 | |||
Oval ID: | oval:org.mitre.oval:def:13155 | ||
Title: | USN-890-1 -- expat vulnerabilities | ||
Description: | Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash | ||
Family: | unix | Class: | patch |
Reference(s): | USN-890-1 CVE-2009-2625 CVE-2009-3720 CVE-2009-3560 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | expat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13228 | |||
Oval ID: | oval:org.mitre.oval:def:13228 | ||
Title: | USN-890-3 -- python2.4 vulnerabilities | ||
Description: | USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash | ||
Family: | unix | Class: | patch |
Reference(s): | USN-890-3 CVE-2009-2625 CVE-2009-3720 CVE-2009-3560 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | python2.4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13312 | |||
Oval ID: | oval:org.mitre.oval:def:13312 | ||
Title: | USN-890-4 -- python-xml vulnerabilities | ||
Description: | USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash | ||
Family: | unix | Class: | patch |
Reference(s): | USN-890-4 CVE-2009-2625 CVE-2009-3720 CVE-2009-3560 | Version: | 5 |
Platform(s): | Ubuntu 6.06 | Product(s): | python-xml |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13420 | |||
Oval ID: | oval:org.mitre.oval:def:13420 | ||
Title: | DSA-1953-2 expat -- denial of service | ||
Description: | The expat updates released in DSA-1953-1 caused a regression: In some cases, expat would abort with the message "error in processing external entity reference". For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch3. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny3. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your expat packages. For reference, the original advisory text is provided below. Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1953-2 CVE-2009-3560 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | expat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13596 | |||
Oval ID: | oval:org.mitre.oval:def:13596 | ||
Title: | USN-890-2 -- python2.5 vulnerabilities | ||
Description: | USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash | ||
Family: | unix | Class: | patch |
Reference(s): | USN-890-2 CVE-2009-2625 CVE-2009-3720 CVE-2009-3560 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04 | Product(s): | python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13655 | |||
Oval ID: | oval:org.mitre.oval:def:13655 | ||
Title: | DSA-1953-1 expat -- denial of service | ||
Description: | Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch2. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny2. For the testing distribution and the unstable distribution, this problem will be fixed in version 2.0.1-6. The builds for the mipsel architecture for the old stable distribution are not included yet. They will be released when they become available. We recommend that you upgrade your expat packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1953-1 CVE-2009-3560 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | expat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13969 | |||
Oval ID: | oval:org.mitre.oval:def:13969 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3718 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14328 | |||
Oval ID: | oval:org.mitre.oval:def:14328 | ||
Title: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14589 | |||
Oval ID: | oval:org.mitre.oval:def:14589 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14945 | |||
Oval ID: | oval:org.mitre.oval:def:14945 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0013 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18064 | |||
Oval ID: | oval:org.mitre.oval:def:18064 | ||
Title: | DSA-1977-1 python - several vulnerabilities | ||
Description: | Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language does not properly process malformed or crafted XML files. (CVE-2009-3560 CVE-2009-3720) This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1977-1 CVE-2008-2316 CVE-2009-3560 CVE-2009-3720 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | python2.4 python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19269 | |||
Oval ID: | oval:org.mitre.oval:def:19269 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0013 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19379 | |||
Oval ID: | oval:org.mitre.oval:def:19379 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3718 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19493 | |||
Oval ID: | oval:org.mitre.oval:def:19493 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20637 | |||
Oval ID: | oval:org.mitre.oval:def:20637 | ||
Title: | VMware ESXi and ESX updates to third party library and ESX Service Console | ||
Description: | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3720 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20649 | |||
Oval ID: | oval:org.mitre.oval:def:20649 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21420 | |||
Oval ID: | oval:org.mitre.oval:def:21420 | ||
Title: | RHSA-2011:0336: tomcat5 security update (Important) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0336-01 CESA-2011:0336 CVE-2010-4476 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | tomcat5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21713 | |||
Oval ID: | oval:org.mitre.oval:def:21713 | ||
Title: | RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0214-01 CVE-2010-4476 CESA-2011:0214-CentOS 5 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21907 | |||
Oval ID: | oval:org.mitre.oval:def:21907 | ||
Title: | RHSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0292-01 CVE-2010-4476 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21948 | |||
Oval ID: | oval:org.mitre.oval:def:21948 | ||
Title: | RHSA-2010:0002: PyXML security update (Moderate) | ||
Description: | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0002-01 CESA-2010:0002 CVE-2009-3720 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | PyXML |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22351 | |||
Oval ID: | oval:org.mitre.oval:def:22351 | ||
Title: | RHSA-2010:0950: apr-util security update (Moderate) | ||
Description: | Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0950-01 CVE-2010-1623 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 | Product(s): | apr-util |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22826 | |||
Oval ID: | oval:org.mitre.oval:def:22826 | ||
Title: | ELSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0292-01 CVE-2010-4476 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22880 | |||
Oval ID: | oval:org.mitre.oval:def:22880 | ||
Title: | ELSA-2009:1625: expat security update (Moderate) | ||
Description: | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1625-01 CVE-2009-3560 CVE-2009-3720 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | expat |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22977 | |||
Oval ID: | oval:org.mitre.oval:def:22977 | ||
Title: | ELSA-2011:0336: tomcat5 security update (Important) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0336-01 CVE-2010-4476 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | tomcat5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23002 | |||
Oval ID: | oval:org.mitre.oval:def:23002 | ||
Title: | ELSA-2010:0002: PyXML security update (Moderate) | ||
Description: | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0002-01 CVE-2009-3720 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | PyXML |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23037 | |||
Oval ID: | oval:org.mitre.oval:def:23037 | ||
Title: | DEPRECATED: ELSA-2010:0950: apr-util security update (Moderate) | ||
Description: | Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0950-01 CVE-2010-1623 | Version: | 7 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | apr-util |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23319 | |||
Oval ID: | oval:org.mitre.oval:def:23319 | ||
Title: | ELSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0214-01 CVE-2010-4476 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23523 | |||
Oval ID: | oval:org.mitre.oval:def:23523 | ||
Title: | ELSA-2011:0791: tomcat6 security and bug fix update (Moderate) | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0791-01 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 | Version: | 17 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23618 | |||
Oval ID: | oval:org.mitre.oval:def:23618 | ||
Title: | ELSA-2010:0950: apr-util security update (Moderate) | ||
Description: | Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0950-01 CVE-2010-1623 | Version: | 6 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | apr-util |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28054 | |||
Oval ID: | oval:org.mitre.oval:def:28054 | ||
Title: | DEPRECATED: ELSA-2011-0214 -- java-1.6.0-openjdk security update (moderate) | ||
Description: | [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentally reduced, and now lower version than last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstream - Resolves: rhbz#676295 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0214 CVE-2010-4476 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28146 | |||
Oval ID: | oval:org.mitre.oval:def:28146 | ||
Title: | DEPRECATED: ELSA-2011-0791 -- tomcat6 security and bug fix update (moderate) | ||
Description: | [6.0.24-33] - resolves: rhbz 695284 - multiple instances logging fiasco [6.0.24-32] - Resolves: rhbz 698624 - inet4address can't be cast to String [6.0.24-31] - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error [6.0.24-30] - Resolves: rhbz#697504 initscript logging location [6.0.24-29] - Resolves: rhbz#656403, rhbz#675926, rhbz#676011 - CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476, - CVE-2011-0534 [6.0.24-28] - Resolves rhbz#695284 - wrapper logs to different locations - CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out - until needed. [6.0.24-27] - naming-factory-dbcp missing fix in tomcat6.conf - Add Obsoletes for log4j [6.0.24-26] - Add log4j to package lib. Corrected typo in log4 Provides - epock versus epoch [6.0.24-25] - Installed permissions do not allow tomcat to start - incrementing NVR so yum won't get confused with the zstream | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0791 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29347 | |||
Oval ID: | oval:org.mitre.oval:def:29347 | ||
Title: | RHSA-2009:1625 -- expat security update (Moderate) | ||
Description: | Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560, CVE-2009-3720) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1625 CESA-2009:1625-CentOS 3 CESA-2009:1625-CentOS 5 CVE-2009-3560 CVE-2009-3720 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | expat |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6760 | |||
Oval ID: | oval:org.mitre.oval:def:6760 | ||
Title: | DSA-1953 expat -- denial of service | ||
Description: | Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1953 CVE-2009-3560 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | expat |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6883 | |||
Oval ID: | oval:org.mitre.oval:def:6883 | ||
Title: | Expat Unspecified XML Parsing Remote Denial of Service Vulnerability | ||
Description: | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3560 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7112 | |||
Oval ID: | oval:org.mitre.oval:def:7112 | ||
Title: | Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability | ||
Description: | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3720 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-06 (expat) File : nvt/glsa_201209_06.nasl |
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl |
2012-07-30 | Name : CentOS Update for apr-util CESA-2010:0950 centos4 x86_64 File : nvt/gb_CESA-2010_0950_apr-util_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for java CESA-2011:0214 centos5 x86_64 File : nvt/gb_CESA-2011_0214_java_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2011:0491 centos4 x86_64 File : nvt/gb_CESA-2011_0491_python_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2011:0492 centos5 x86_64 File : nvt/gb_CESA-2011_0492_python_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl |
2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0335-01 File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl |
2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0791-01 File : nvt/gb_RHSA-2011_0791-01_tomcat6.nasl |
2012-03-15 | Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv... File : nvt/gb_VMSA-2011-0013.nasl |
2012-03-15 | Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser... File : nvt/gb_VMSA-2012-0001.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201111_02.nasl |
2011-12-23 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 i386 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_i386.nasl |
2011-12-23 | Name : RedHat Update for tomcat5 RHSA-2011:1845-01 File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl |
2011-10-21 | Name : Fedora Update for tomcat6 FEDORA-2011-13457 File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl |
2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638 File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl |
2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
2011-08-29 | Name : Java for Mac OS X 10.5 Update 9 File : nvt/secpod_macosx_java_10_5_upd_9.nasl |
2011-08-29 | Name : Java for Mac OS X 10.6 Update 4 File : nvt/secpod_macosx_java_10_6_upd_4.nasl |
2011-08-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523 File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl |
2011-08-09 | Name : CentOS Update for 4Suite CESA-2009:1572 centos3 i386 File : nvt/gb_CESA-2009_1572_4Suite_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for 4Suite CESA-2009:1572 centos4 i386 File : nvt/gb_CESA-2009_1572_4Suite_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for expat CESA-2009:1625 centos3 i386 File : nvt/gb_CESA-2009_1625_expat_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for expat CESA-2009:1625 centos4 i386 File : nvt/gb_CESA-2009_1625_expat_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for expat CESA-2009:1625 centos5 i386 File : nvt/gb_CESA-2009_1625_expat_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for PyXML CESA-2010:0002 centos5 i386 File : nvt/gb_CESA-2010_0002_PyXML_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2011:0214 centos5 i386 File : nvt/gb_CESA-2011_0214_java_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 i386 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for python CESA-2011:0491 centos4 i386 File : nvt/gb_CESA-2011_0491_python_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for python CESA-2011:0492 centos5 i386 File : nvt/gb_CESA-2011_0492_python_centos5_i386.nasl |
2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003 File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl |
2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020 File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl |
2011-06-06 | Name : HP-UX Update for Java HPSBUX02685 File : nvt/gb_hp_ux_HPSBUX02685.nasl |
2011-05-06 | Name : RedHat Update for python RHSA-2011:0491-01 File : nvt/gb_RHSA-2011_0491-01_python.nasl |
2011-05-06 | Name : RedHat Update for python RHSA-2011:0492-01 File : nvt/gb_RHSA-2011_0492-01_python.nasl |
2011-05-05 | Name : Fedora Update for SimGear FEDORA-2011-5727 File : nvt/gb_fedora_2011_5727_SimGear_fc14.nasl |
2011-05-05 | Name : Fedora Update for SimGear FEDORA-2011-5744 File : nvt/gb_fedora_2011_5744_SimGear_fc13.nasl |
2011-05-05 | Name : HP-UX Update for Apache Web Server HPSBUX02645 File : nvt/gb_hp_ux_HPSBUX02645.nasl |
2011-04-01 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_054.nasl |
2011-04-01 | Name : Ubuntu Update for tomcat6 vulnerabilities USN-1097-1 File : nvt/gb_ubuntu_USN_1097_1.nasl |
2011-03-24 | Name : Fedora Update for whatsup FEDORA-2011-2794 File : nvt/gb_fedora_2011_2794_whatsup_fc13.nasl |
2011-03-24 | Name : Fedora Update for whatsup FEDORA-2011-2801 File : nvt/gb_fedora_2011_2801_whatsup_fc14.nasl |
2011-03-15 | Name : RedHat Update for tomcat5 RHSA-2011:0336-01 File : nvt/gb_RHSA-2011_0336-01_tomcat5.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2160-1 (tomcat6) File : nvt/deb_2160_1.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2161-1 (openjdk-6) File : nvt/deb_2161_1.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2161-2 (openjdk-6) File : nvt/deb_2161_2.nasl |
2011-03-07 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1 File : nvt/gb_ubuntu_USN_1079_1.nasl |
2011-03-05 | Name : FreeBSD Ports: tomcat55 File : nvt/freebsd_tomcat55.nasl |
2011-02-28 | Name : SuSE Update for java-1_6_0-sun SUSE-SA:2011:010 File : nvt/gb_suse_2011_010.nasl |
2011-02-28 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_feb11.nasl |
2011-02-22 | Name : Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5) File : nvt/gb_mandriva_MDVSA_2011_030.nasl |
2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631 File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl |
2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645 File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl |
2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1231 File : nvt/gb_fedora_2011_1231_java-1.6.0-openjdk_fc13.nasl |
2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1263 File : nvt/gb_fedora_2011_1263_java-1.6.0-openjdk_fc14.nasl |
2011-02-11 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01 File : nvt/gb_RHSA-2011_0214-01_java-1.6.0-openjdk.nasl |
2011-01-31 | Name : CentOS Update for apr-util CESA-2010:0950 centos4 i386 File : nvt/gb_CESA-2010_0950_apr-util_centos4_i386.nasl |
2010-12-23 | Name : RedHat Update for apr-util RHSA-2010:0950-01 File : nvt/gb_RHSA-2010_0950-01_apr-util.nasl |
2010-12-02 | Name : Fedora Update for apr-util FEDORA-2010-16178 File : nvt/gb_fedora_2010_16178_apr-util_fc14.nasl |
2010-12-02 | Name : Fedora Update for libtlen FEDORA-2010-17720 File : nvt/gb_fedora_2010_17720_libtlen_fc14.nasl |
2010-12-02 | Name : Fedora Update for udunits2 FEDORA-2010-17807 File : nvt/gb_fedora_2010_17807_udunits2_fc13.nasl |
2010-12-02 | Name : Fedora Update for udunits2 FEDORA-2010-17819 File : nvt/gb_fedora_2010_17819_udunits2_fc14.nasl |
2010-12-02 | Name : Ubuntu Update for apache2 vulnerabilities USN-1021-1 File : nvt/gb_ubuntu_USN_1021_1.nasl |
2010-12-02 | Name : Ubuntu Update for apr-util vulnerability USN-1022-1 File : nvt/gb_ubuntu_USN_1022_1.nasl |
2010-11-23 | Name : Fedora Update for libtlen FEDORA-2010-17732 File : nvt/gb_fedora_2010_17732_libtlen_fc13.nasl |
2010-11-23 | Name : Fedora Update for libtlen FEDORA-2010-17762 File : nvt/gb_fedora_2010_17762_libtlen_fc12.nasl |
2010-11-04 | Name : Fedora Update for apr-util FEDORA-2010-15916 File : nvt/gb_fedora_2010_15916_apr-util_fc12.nasl |
2010-11-04 | Name : Fedora Update for apr-util FEDORA-2010-15953 File : nvt/gb_fedora_2010_15953_apr-util_fc13.nasl |
2010-10-10 | Name : FreeBSD Ports: apr File : nvt/freebsd_apr0.nasl |
2010-10-07 | Name : Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability File : nvt/gb_apache_apr_util_dos_vuln.nasl |
2010-10-04 | Name : Mandriva Update for apr-util MDVSA-2010:192 (apr-util) File : nvt/gb_mandriva_MDVSA_2010_192.nasl |
2010-04-16 | Name : Ubuntu Update for cmake vulnerabilities USN-890-6 File : nvt/gb_ubuntu_USN_890_6.nasl |
2010-02-19 | Name : Ubuntu Update for xmlrpc-c vulnerabilities USN-890-5 File : nvt/gb_ubuntu_USN_890_5.nasl |
2010-01-29 | Name : Ubuntu Update for python-xml vulnerabilities USN-890-4 File : nvt/gb_ubuntu_USN_890_4.nasl |
2010-01-25 | Name : Ubuntu Update for python2.4 vulnerabilities USN-890-3 File : nvt/gb_ubuntu_USN_890_3.nasl |
2010-01-22 | Name : Ubuntu Update for expat vulnerabilities USN-890-1 File : nvt/gb_ubuntu_USN_890_1.nasl |
2010-01-22 | Name : Ubuntu Update for python2.5 vulnerabilities USN-890-2 File : nvt/gb_ubuntu_USN_890_2.nasl |
2010-01-19 | Name : CentOS Update for PyXML CESA-2010:0002 centos4 i386 File : nvt/gb_CESA-2010_0002_PyXML_centos4_i386.nasl |
2010-01-19 | Name : CentOS Update for PyXML CESA-2010:0002 centos4 x86_64 File : nvt/gb_CESA-2010_0002_PyXML_centos4_x86_64.nasl |
2010-01-15 | Name : RedHat Update for PyXML RHSA-2010:0002-01 File : nvt/gb_RHSA-2010_0002-01_PyXML.nasl |
2010-01-15 | Name : Mandriva Update for davfs MDVSA-2009:220-1 (davfs) File : nvt/gb_mandriva_MDVSA_2009_220_1.nasl |
2010-01-15 | Name : Mandriva Update for expat MDVSA-2009:316-1 (expat) File : nvt/gb_mandriva_MDVSA_2009_316_1.nasl |
2010-01-15 | Name : Mandriva Update for expat MDVSA-2009:316-2 (expat) File : nvt/gb_mandriva_MDVSA_2009_316_2.nasl |
2010-01-15 | Name : Mandriva Update for expat MDVSA-2009:316-3 (expat) File : nvt/gb_mandriva_MDVSA_2009_316_3.nasl |
2009-12-14 | Name : SLES11: Security update for expat File : nvt/sles11_expat0.nasl |
2009-12-14 | Name : SLES9: Security update for expat File : nvt/sles9p5064331.nasl |
2009-12-10 | Name : RedHat Security Advisory RHSA-2009:1625 File : nvt/RHSA_2009_1625.nasl |
2009-12-10 | Name : Fedora Core 10 FEDORA-2009-12690 (expat) File : nvt/fcore_2009_12690.nasl |
2009-12-10 | Name : Fedora Core 11 FEDORA-2009-12716 (expat) File : nvt/fcore_2009_12716.nasl |
2009-12-10 | Name : Fedora Core 12 FEDORA-2009-12737 (expat) File : nvt/fcore_2009_12737.nasl |
2009-12-10 | Name : FreeBSD Ports: expat2 File : nvt/freebsd_expat2.nasl |
2009-12-10 | Name : FreeBSD Ports: expat2 File : nvt/freebsd_expat20.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:211-1 (expat) File : nvt/mdksa_2009_211_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:212-1 (python) File : nvt/mdksa_2009_212_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:213-1 (wxgtk) File : nvt/mdksa_2009_213_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:215-1 (audacity) File : nvt/mdksa_2009_215_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird) File : nvt/mdksa_2009_217_3.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:218-1 (w3c-libwww) File : nvt/mdksa_2009_218_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:219-1 (kompozer) File : nvt/mdksa_2009_219_1.nasl |
2009-12-10 | Name : CentOS Security Advisory CESA-2009:1625 (expat) File : nvt/ovcesa2009_1625.nasl |
2009-11-23 | Name : SLES10: Security update for expat File : nvt/sles10_expat.nasl |
2009-11-23 | Name : SLES11: Security update for expat File : nvt/sles11_expat.nasl |
2009-11-23 | Name : SLES9: Security update for expat File : nvt/sles9p5062940.nasl |
2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1572 File : nvt/RHSA_2009_1572.nasl |
2009-11-17 | Name : CentOS Security Advisory CESA-2009:1572 (4Suite) File : nvt/ovcesa2009_1572.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-10949 (PyXML) File : nvt/fcore_2009_10949.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-10956 (python-4Suite-XML) File : nvt/fcore_2009_10956.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10972 (python-4Suite-XML) File : nvt/fcore_2009_10972.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10987 (expat) File : nvt/fcore_2009_10987.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-11029 (expat) File : nvt/fcore_2009_11029.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-11030 (PyXML) File : nvt/fcore_2009_11030.nasl |
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-041-01 apr-util File : nvt/esoft_slk_ssa_2011_041_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-041-02 expat File : nvt/esoft_slk_ssa_2011_041_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-041-03 httpd File : nvt/esoft_slk_ssa_2011_041_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71558 | Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi... Apache Tomcat contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the 'SecurityManager' not properly making the 'ServletContext' attribute read-only, allowing for directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to manipulate arbitrary files. |
71557 | Apache Tomcat HTML Manager Multiple XSS The HTML Manager Interface in Apache Tomcat contains multiple flaws that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the display-name tag before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
70965 | Oracle Java SE / Java for Business Double.parseDouble Method Floating Point ... Oracle Java SE and Java for Business contain a flaw that may allow a remote denial of service. The issue is triggered when the 'Double.parseDouble' method in JRE allows remote attackers to trigger an infinite loop with a crafted string, resulting in a denial of service. |
68327 | Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memor... Apache APR-util contains a flaw that may allow a remote denial of service. The issue is triggered when a memory leak occurs in the 'apr_brigade_split_line()' function in 'buckets/apr_brigade.c', allowing a remote attacker to destroy an APR bucket to cause a denial of service via memory consumption. |
60797 | Expat libexpat lib/xmltok.c big2_toUtf8 Function UTF-8 XML Document Handling ... |
59737 | Expat libexpat lib/xmltok_impl.c updatePosition Function UTF-8 XML Document H... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-05-03 | IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
2012-02-02 | IAVM : 2012-A-0020 - Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity : Category I - VMSKEY : V0031252 |
2011-12-15 | IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0 Severity : Category I - VMSKEY : V0030824 |
2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Expat xml UTF-8 buffer over-read attempt RuleID : 24070 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Expat xml UTF-8 buffer over-read attempt RuleID : 24069 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Expat xml UTF-8 buffer over-read attempt RuleID : 24068 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Expat xml UTF-8 buffer over-read attempt RuleID : 24067 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Java floating point number denial of service - via POST RuleID : 18471 - Revision : 8 - Type : SERVER-WEBAPP |
2014-01-10 | Java floating point number denial of service - via URI RuleID : 18470 - Revision : 9 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-05-08 | Name : An application installed on the remote host is affected by multiple vulnerabi... File : itunes_12_6.nasl - Type : ACT_GATHER_INFO |
2017-05-08 | Name : An application running on the remote host is affected by multiple vulnerabili... File : itunes_12_6_banner.nasl - Type : ACT_GATHER_INFO |
2017-05-08 | Name : The remote host contains an application that is affected by multiple vulnerab... File : macos_itunes_12_6.nasl - Type : ACT_GATHER_INFO |
2016-11-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_18449f92ab3911e68011005056925db4.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0004_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0001_remote.nasl - Type : ACT_GATHER_INFO |
2015-09-16 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15902.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15905.nasl - Type : ACT_GATHER_INFO |
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_apache2-110726.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110211.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_apache2-110726.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-110314.nasl - Type : ACT_GATHER_INFO |
2014-05-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-24.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_608089_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1572.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1625.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0002.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0950.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0491.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0492.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1572.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_feb_2011_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO |
2012-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-06.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20091110_4Suite_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091207_expat_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100104_PyXML_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101207_apr_util_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110210_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110217_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110505_python_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111220_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_9fp11.nasl - Type : ACT_GATHER_INFO |
2012-06-15 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
2012-04-20 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0001.nasl - Type : ACT_GATHER_INFO |
2011-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2011-12-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7443.nasl - Type : ACT_GATHER_INFO |
2011-11-23 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_97fp5.nasl - Type : ACT_GATHER_INFO |
2011-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO |
2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
2011-10-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
2011-07-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libapr-util1-110701.nasl - Type : ACT_GATHER_INFO |
2011-07-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libapr-util1-110706.nasl - Type : ACT_GATHER_INFO |
2011-07-12 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libapr-util1-7611.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0791.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12706.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110504.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0491.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0492.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0491.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0492.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_tomcat6-110211.nasl - Type : ACT_GATHER_INFO |
2011-05-02 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5727.nasl - Type : ACT_GATHER_INFO |
2011-05-02 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5744.nasl - Type : ACT_GATHER_INFO |
2011-04-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5777.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
2011-03-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1097-1.nasl - Type : ACT_GATHER_INFO |
2011-03-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-110307.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7369.nasl - Type : ACT_GATHER_INFO |
2011-03-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO |
2011-03-18 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12687.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12683.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_expat-100109.nasl - Type : ACT_GATHER_INFO |
2011-03-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2794.nasl - Type : ACT_GATHER_INFO |
2011-03-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2801.nasl - Type : ACT_GATHER_INFO |
2011-03-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-3097.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12682.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update9.nasl - Type : ACT_GATHER_INFO |
2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update4.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7337.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0290.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0291.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0292.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7342.nasl - Type : ACT_GATHER_INFO |
2011-02-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-030.nasl - Type : ACT_GATHER_INFO |
2011-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0282.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_553ec4ed38d611e094b1000c29ba66d2.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_feb_2011.nasl - Type : ACT_GATHER_INFO |
2011-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2161.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2160.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1231.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1263.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_30.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote web server is affected by a cross-site scripting vulnerability. File : tomcat_7_0_6.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-041-01.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-041-02.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-041-03.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote web server is affected by a cross-site scripting vulnerability. File : tomcat_5_5_32.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote web server is affected by a security bypass vulnerability. File : tomcat_7_0_4.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0950.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libicecore-6857.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libicecore-6862.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0950.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpython2_6-1_0-100323.nasl - Type : ACT_GATHER_INFO |
2010-11-28 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17807.nasl - Type : ACT_GATHER_INFO |
2010-11-28 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17819.nasl - Type : ACT_GATHER_INFO |
2010-11-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1021-1.nasl - Type : ACT_GATHER_INFO |
2010-11-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1022-1.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17720.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17732.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17762.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16178.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15916.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15953.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote web server may be affected by several issues. File : apache_2_2_17.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_expat-6619.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_expat-6703.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_expat-6765.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-6946.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_pyxml-6715.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2117.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_dd943fbbd0fe11df95a800219b0fc4d8.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-192.nasl - Type : ACT_GATHER_INFO |
2010-07-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_transfer_encoding.nasl - Type : ACT_ATTACK |
2010-06-22 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12591.nasl - Type : ACT_GATHER_INFO |
2010-05-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpython2_6-1_0-100328.nasl - Type : ACT_GATHER_INFO |
2010-05-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpython2_6-1_0-100330.nasl - Type : ACT_GATHER_INFO |
2010-05-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpython2_6-1_0-100329.nasl - Type : ACT_GATHER_INFO |
2010-05-14 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12600.nasl - Type : ACT_GATHER_INFO |
2010-04-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-6.nasl - Type : ACT_GATHER_INFO |
2010-03-05 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1953.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1977.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libexpat0-100220.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libexpat0-100220.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libexpat0-100220.nasl - Type : ACT_GATHER_INFO |
2010-02-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-5.nasl - Type : ACT_GATHER_INFO |
2010-01-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-4.nasl - Type : ACT_GATHER_INFO |
2010-01-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-3.nasl - Type : ACT_GATHER_INFO |
2010-01-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-2.nasl - Type : ACT_GATHER_INFO |
2010-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-1.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12568.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_expat-100111.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_expat-100111.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_expat-100111.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_expat-100108.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_expat-6764.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0002.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0002.nasl - Type : ACT_GATHER_INFO |
2009-12-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12753.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_pyxml-091210.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_pyxml-091210.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_pyxml-091210.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_pyxml-091211.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_pyxml-6714.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12558.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_expat-091207.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_expat-091207.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_expat-091207.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_expat-091207.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_expat-6702.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1625.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5f030587e39a11de881e001aa0166822.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e9fca207e39911de881e001aa0166822.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1625.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12690.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12716.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12737.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-316.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12529.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_expat-091030.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_expat-6618.nasl - Type : ACT_GATHER_INFO |
2009-11-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1572.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10949.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10956.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10972.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10987.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11029.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11030.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_expat-091030.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_expat-091030.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_expat-6613.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-218.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-219.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-220.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-211.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-212.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-213.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-214.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-215.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-217.nasl - Type : ACT_GATHER_INFO |