Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Informations
Name HPSBUX02645 SSRT100387 First vendor Publication 2011-03-29
Vendor HP Last vendor Modification 2011-03-29
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to disclose information, allow cross-site scripting (XSS), or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02752210

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10613
 
Oval ID: oval:org.mitre.oval:def:10613
Title: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Description: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3560
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11019
 
Oval ID: oval:org.mitre.oval:def:11019
Title: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12456
 
Oval ID: oval:org.mitre.oval:def:12456
Title: DSA-2117-1 apr-util -- denial of service
Description: APR-util is part of the Apache Portable Runtime library which is used by projects such as Apache httpd and Subversion. Jeff Trawick discovered a flaw in the apr_brigade_split_line function in apr-util. A remote attacker could send crafted http requests to cause a greatly increased memory consumption in Apache httpd, resulting in a denial of service. This upgrade fixes this issue. After the upgrade, any running apache2 server processes need to be restarted. For the stable distribution, this problem has been fixed in version 1.2.12+dfsg-8+lenny5. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.3.9+dfsg-4. We recommend that you upgrade your apr-util packages.
Family: unix Class: patch
Reference(s): DSA-2117-1
CVE-2010-1623
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12517
 
Oval ID: oval:org.mitre.oval:def:12517
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3718
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12662
 
Oval ID: oval:org.mitre.oval:def:12662
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12719
 
Oval ID: oval:org.mitre.oval:def:12719
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12745
 
Oval ID: oval:org.mitre.oval:def:12745
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12800
 
Oval ID: oval:org.mitre.oval:def:12800
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1623
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12878
 
Oval ID: oval:org.mitre.oval:def:12878
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0013
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12879
 
Oval ID: oval:org.mitre.oval:def:12879
Title: DSA-2161-1 openjdk-6 -- denial of service
Description: It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
Family: unix Class: patch
Reference(s): DSA-2161-1
CVE-2010-4476
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12942
 
Oval ID: oval:org.mitre.oval:def:12942
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3560
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13027
 
Oval ID: oval:org.mitre.oval:def:13027
Title: USN-1022-1 -- apr-util vulnerability
Description: It was discovered that APR-util did not properly handle memory when destroying APR buckets. An attacker could exploit this and cause a denial of service via memory exhaustion.
Family: unix Class: patch
Reference(s): USN-1022-1
CVE-2010-1623
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13090
 
Oval ID: oval:org.mitre.oval:def:13090
Title: USN-890-6 -- cmake vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-6
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): cmake
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13120
 
Oval ID: oval:org.mitre.oval:def:13120
Title: USN-890-5 -- xmlrpc-c vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-5
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 9.10
Product(s): xmlrpc-c
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13155
 
Oval ID: oval:org.mitre.oval:def:13155
Title: USN-890-1 -- expat vulnerabilities
Description: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-1
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13162
 
Oval ID: oval:org.mitre.oval:def:13162
Title: USN-1021-1 -- apache2 vulnerabilities
Description: It was discovered that Apache�s mod_cache and mod_dav modules incorrectly handled requests that lacked a path. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that Apache did not properly handle memory when destroying APR buckets. A remote attacker could exploit this with crafted requests and cause a denial of service via memory exhaustion. This issue affected Ubuntu 6.06 LTS and 10.10
Family: unix Class: patch
Reference(s): USN-1021-1
CVE-2010-1452
CVE-2010-1623
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13228
 
Oval ID: oval:org.mitre.oval:def:13228
Title: USN-890-3 -- python2.4 vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-3
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): python2.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13312
 
Oval ID: oval:org.mitre.oval:def:13312
Title: USN-890-4 -- python-xml vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-4
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 6.06
Product(s): python-xml
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13420
 
Oval ID: oval:org.mitre.oval:def:13420
Title: DSA-1953-2 expat -- denial of service
Description: The expat updates released in DSA-1953-1 caused a regression: In some cases, expat would abort with the message "error in processing external entity reference". For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch3. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny3. For the testing distribution and the unstable distribution , this problem will be fixed soon. We recommend that you upgrade your expat packages. For reference, the original advisory text is provided below. Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
Family: unix Class: patch
Reference(s): DSA-1953-2
CVE-2009-3560
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13596
 
Oval ID: oval:org.mitre.oval:def:13596
Title: USN-890-2 -- python2.5 vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-2
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13655
 
Oval ID: oval:org.mitre.oval:def:13655
Title: DSA-1953-1 expat -- denial of service
Description: Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch2. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny2. For the testing distribution and the unstable distribution , this problem will be in version 2.0.1-6. The builds for the mipsel architecture for the old stable distribution are not included yet. They will be released when they become available. We recommend that you upgrade your expat packages.
Family: unix Class: patch
Reference(s): DSA-1953-1
CVE-2009-3560
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13969
 
Oval ID: oval:org.mitre.oval:def:13969
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3718
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14328
 
Oval ID: oval:org.mitre.oval:def:14328
Title: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4476
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14589
 
Oval ID: oval:org.mitre.oval:def:14589
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14945
 
Oval ID: oval:org.mitre.oval:def:14945
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0013
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18064
 
Oval ID: oval:org.mitre.oval:def:18064
Title: DSA-1977-1 python - several vulnerabilities
Description: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. (<a href="http://security-tracker.debian.org/tracker/CVE-2009-3560">CVE-2009-3560</a> <a href="http://security-tracker.debian.org/tracker/CVE-2009-3720">CVE-2009-3720</a>) This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
Family: unix Class: patch
Reference(s): DSA-1977-1
CVE-2008-2316
CVE-2009-3560
CVE-2009-3720
Version: 7
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): python2.4
python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19269
 
Oval ID: oval:org.mitre.oval:def:19269
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0013
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19379
 
Oval ID: oval:org.mitre.oval:def:19379
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3718
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19493
 
Oval ID: oval:org.mitre.oval:def:19493
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20637
 
Oval ID: oval:org.mitre.oval:def:20637
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20649
 
Oval ID: oval:org.mitre.oval:def:20649
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21273
 
Oval ID: oval:org.mitre.oval:def:21273
Title: RHSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0290-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21420
 
Oval ID: oval:org.mitre.oval:def:21420
Title: RHSA-2011:0336: tomcat5 security update (Important)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0336-01
CESA-2011:0336
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21713
 
Oval ID: oval:org.mitre.oval:def:21713
Title: RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0214-01
CVE-2010-4476
CESA-2011:0214-CentOS 5
Version: 6
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21809
 
Oval ID: oval:org.mitre.oval:def:21809
Title: RHSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0291-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21859
 
Oval ID: oval:org.mitre.oval:def:21859
Title: RHSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 250
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21907
 
Oval ID: oval:org.mitre.oval:def:21907
Title: RHSA-2011:0292: java-1.4.2-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0292-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21948
 
Oval ID: oval:org.mitre.oval:def:21948
Title: RHSA-2010:0002: PyXML security update (Moderate)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: patch
Reference(s): RHSA-2010:0002-01
CESA-2010:0002
CVE-2009-3720
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): PyXML
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21956
 
Oval ID: oval:org.mitre.oval:def:21956
Title: RHSA-2011:0791: tomcat6 security and bug fix update (Moderate)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: patch
Reference(s): RHSA-2011:0791-01
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
Version: 42
Platform(s): Red Hat Enterprise Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22351
 
Oval ID: oval:org.mitre.oval:def:22351
Title: RHSA-2010:0950: apr-util security update (Moderate)
Description: Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
Family: unix Class: patch
Reference(s): RHSA-2010:0950-01
CVE-2010-1623
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22673
 
Oval ID: oval:org.mitre.oval:def:22673
Title: DEPRECATED: ELSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 82
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22826
 
Oval ID: oval:org.mitre.oval:def:22826
Title: ELSA-2011:0292: java-1.4.2-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0292-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22836
 
Oval ID: oval:org.mitre.oval:def:22836
Title: DEPRECATED: ELSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0290-01
CVE-2010-4476
Version: 7
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22880
 
Oval ID: oval:org.mitre.oval:def:22880
Title: ELSA-2009:1625: expat security update (Moderate)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: patch
Reference(s): ELSA-2009:1625-01
CVE-2009-3560
CVE-2009-3720
Version: 13
Platform(s): Oracle Linux 5
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22908
 
Oval ID: oval:org.mitre.oval:def:22908
Title: DEPRECATED: ELSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0291-01
CVE-2010-4476
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22977
 
Oval ID: oval:org.mitre.oval:def:22977
Title: ELSA-2011:0336: tomcat5 security update (Important)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0336-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23002
 
Oval ID: oval:org.mitre.oval:def:23002
Title: ELSA-2010:0002: PyXML security update (Moderate)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: patch
Reference(s): ELSA-2010:0002-01
CVE-2009-3720
Version: 6
Platform(s): Oracle Linux 5
Product(s): PyXML
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23037
 
Oval ID: oval:org.mitre.oval:def:23037
Title: DEPRECATED: ELSA-2010:0950: apr-util security update (Moderate)
Description: Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
Family: unix Class: patch
Reference(s): ELSA-2010:0950-01
CVE-2010-1623
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23319
 
Oval ID: oval:org.mitre.oval:def:23319
Title: ELSA-2011:0214: java-1.6.0-openjdk security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0214-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23406
 
Oval ID: oval:org.mitre.oval:def:23406
Title: ELSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0290-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23523
 
Oval ID: oval:org.mitre.oval:def:23523
Title: ELSA-2011:0791: tomcat6 security and bug fix update (Moderate)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: patch
Reference(s): ELSA-2011:0791-01
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
Version: 17
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23595
 
Oval ID: oval:org.mitre.oval:def:23595
Title: ELSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0291-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23615
 
Oval ID: oval:org.mitre.oval:def:23615
Title: ELSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 81
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23618
 
Oval ID: oval:org.mitre.oval:def:23618
Title: ELSA-2010:0950: apr-util security update (Moderate)
Description: Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
Family: unix Class: patch
Reference(s): ELSA-2010:0950-01
CVE-2010-1623
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27948
 
Oval ID: oval:org.mitre.oval:def:27948
Title: DEPRECATED: ELSA-2011-0336 -- tomcat5 security update (important)
Description: [0:5.5.23-0jpp.17] - Resolves: rhbz 674599 JDK Double.parseDouble DoS
Family: unix Class: patch
Reference(s): ELSA-2011-0336
CVE-2010-4476
Version: 4
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28054
 
Oval ID: oval:org.mitre.oval:def:28054
Title: DEPRECATED: ELSA-2011-0214 -- java-1.6.0-openjdk security update (moderate)
Description: [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstrream - Resolves: rhbz#676295
Family: unix Class: patch
Reference(s): ELSA-2011-0214
CVE-2010-4476
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28146
 
Oval ID: oval:org.mitre.oval:def:28146
Title: DEPRECATED: ELSA-2011-0791 -- tomcat6 security and bug fix update (moderate)
Description: [6.0.24-33] - resolves: rhbz 695284 - multiple instances logging fiasco [6.0.24-32] - Resolves: rhbz 698624 - inet4address can't be cast to String [6.0.24-31] - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error [6.0.24-30] - Resolves: rhbz#697504 initscript logging location [6.0.24-29] - Resolves: rhbz#656403, rhbz#675926, rhbz#676011 - CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476, - CVE-2011-0534 [6.0.24-28] - Resovles rhbz#695284 - wrapper logs to different locations - CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out - until needed. [6.0.24-27] - naming-factory-dbcp missing fix in tomcat6.conf - Add Obsoletes for log4j [6.0.24-26] - Add log4j to package lib. Corrected typo in log4 Provides - epock versus epoch [6.0.24-25] - Installed permissions do not allow tomcat to start - incrementing NVR so yum won't get confused with the zstream
Family: unix Class: patch
Reference(s): ELSA-2011-0791
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
Version: 4
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29347
 
Oval ID: oval:org.mitre.oval:def:29347
Title: RHSA-2009:1625 -- expat security update (Moderate)
Description: Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560, CVE-2009-3720)
Family: unix Class: patch
Reference(s): RHSA-2009:1625
CESA-2009:1625-CentOS 3
CESA-2009:1625-CentOS 5
CVE-2009-3560
CVE-2009-3720
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
CentOS Linux 5
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6760
 
Oval ID: oval:org.mitre.oval:def:6760
Title: DSA-1953 expat -- denial of service
Description: Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
Family: unix Class: patch
Reference(s): DSA-1953
CVE-2009-3560
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6883
 
Oval ID: oval:org.mitre.oval:def:6883
Title: Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
Description: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3560
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7112
 
Oval ID: oval:org.mitre.oval:def:7112
Title: Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7152
 
Oval ID: oval:org.mitre.oval:def:7152
Title: DSA-1977 python2.4 python2.5 -- several vulnerabilities
Description: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution.
Family: unix Class: patch
Reference(s): DSA-1977
CVE-2008-2316
CVE-2009-3560
CVE-2009-3720
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): python2.4 python2.5
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 48
Application 182
Application 66
Application 1
Application 321
Application 356
Application 104

OpenVAS Exploits

Date Description
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-06 (expat)
File : nvt/glsa_201209_06.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
File : nvt/glsa_201206_24.nasl
2012-07-30 Name : CentOS Update for apr-util CESA-2010:0950 centos4 x86_64
File : nvt/gb_CESA-2010_0950_apr-util_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for java CESA-2011:0214 centos5 x86_64
File : nvt/gb_CESA-2011_0214_java_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64
File : nvt/gb_CESA-2011_0336_tomcat5_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for python CESA-2011:0491 centos4 x86_64
File : nvt/gb_CESA-2011_0491_python_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for python CESA-2011:0492 centos5 x86_64
File : nvt/gb_CESA-2011_0492_python_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64
File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl
2012-06-06 Name : RedHat Update for tomcat6 RHSA-2011:0335-01
File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl
2012-06-06 Name : RedHat Update for tomcat6 RHSA-2011:0791-01
File : nvt/gb_RHSA-2011_0791-01_tomcat6.nasl
2012-03-15 Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv...
File : nvt/gb_VMSA-2011-0013.nasl
2012-03-15 Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser...
File : nvt/gb_VMSA-2012-0001.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_201111_02.nasl
2011-12-23 Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 i386
File : nvt/gb_CESA-2011_1845_tomcat5_centos5_i386.nasl
2011-12-23 Name : RedHat Update for tomcat5 RHSA-2011:1845-01
File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl
2011-10-21 Name : Fedora Update for tomcat6 FEDORA-2011-13457
File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl
2011-10-21 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638
File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl
2011-10-20 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-08-29 Name : Java for Mac OS X 10.5 Update 9
File : nvt/secpod_macosx_java_10_5_upd_9.nasl
2011-08-29 Name : Java for Mac OS X 10.6 Update 4
File : nvt/secpod_macosx_java_10_6_upd_4.nasl
2011-08-12 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523
File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl
2011-08-09 Name : CentOS Update for 4Suite CESA-2009:1572 centos3 i386
File : nvt/gb_CESA-2009_1572_4Suite_centos3_i386.nasl
2011-08-09 Name : CentOS Update for 4Suite CESA-2009:1572 centos4 i386
File : nvt/gb_CESA-2009_1572_4Suite_centos4_i386.nasl
2011-08-09 Name : CentOS Update for expat CESA-2009:1625 centos3 i386
File : nvt/gb_CESA-2009_1625_expat_centos3_i386.nasl
2011-08-09 Name : CentOS Update for expat CESA-2009:1625 centos4 i386
File : nvt/gb_CESA-2009_1625_expat_centos4_i386.nasl
2011-08-09 Name : CentOS Update for expat CESA-2009:1625 centos5 i386
File : nvt/gb_CESA-2009_1625_expat_centos5_i386.nasl
2011-08-09 Name : CentOS Update for PyXML CESA-2010:0002 centos5 i386
File : nvt/gb_CESA-2010_0002_PyXML_centos5_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2011:0214 centos5 i386
File : nvt/gb_CESA-2011_0214_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 i386
File : nvt/gb_CESA-2011_0336_tomcat5_centos5_i386.nasl
2011-08-09 Name : CentOS Update for python CESA-2011:0491 centos4 i386
File : nvt/gb_CESA-2011_0491_python_centos4_i386.nasl
2011-08-09 Name : CentOS Update for python CESA-2011:0492 centos5 i386
File : nvt/gb_CESA-2011_0492_python_centos5_i386.nasl
2011-06-20 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003
File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl
2011-06-20 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020
File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl
2011-06-06 Name : HP-UX Update for Java HPSBUX02685
File : nvt/gb_hp_ux_HPSBUX02685.nasl
2011-05-06 Name : RedHat Update for python RHSA-2011:0491-01
File : nvt/gb_RHSA-2011_0491-01_python.nasl
2011-05-06 Name : RedHat Update for python RHSA-2011:0492-01
File : nvt/gb_RHSA-2011_0492-01_python.nasl
2011-05-05 Name : Fedora Update for SimGear FEDORA-2011-5727
File : nvt/gb_fedora_2011_5727_SimGear_fc14.nasl
2011-05-05 Name : Fedora Update for SimGear FEDORA-2011-5744
File : nvt/gb_fedora_2011_5744_SimGear_fc13.nasl
2011-05-05 Name : HP-UX Update for Apache Web Server HPSBUX02645
File : nvt/gb_hp_ux_HPSBUX02645.nasl
2011-04-01 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2011_054.nasl
2011-04-01 Name : Ubuntu Update for tomcat6 vulnerabilities USN-1097-1
File : nvt/gb_ubuntu_USN_1097_1.nasl
2011-03-24 Name : Fedora Update for whatsup FEDORA-2011-2794
File : nvt/gb_fedora_2011_2794_whatsup_fc13.nasl
2011-03-24 Name : Fedora Update for whatsup FEDORA-2011-2801
File : nvt/gb_fedora_2011_2801_whatsup_fc14.nasl
2011-03-15 Name : RedHat Update for tomcat5 RHSA-2011:0336-01
File : nvt/gb_RHSA-2011_0336-01_tomcat5.nasl
2011-03-07 Name : Debian Security Advisory DSA 2160-1 (tomcat6)
File : nvt/deb_2160_1.nasl
2011-03-07 Name : Debian Security Advisory DSA 2161-1 (openjdk-6)
File : nvt/deb_2161_1.nasl
2011-03-07 Name : Debian Security Advisory DSA 2161-2 (openjdk-6)
File : nvt/deb_2161_2.nasl
2011-03-07 Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1
File : nvt/gb_ubuntu_USN_1079_1.nasl
2011-03-05 Name : FreeBSD Ports: tomcat55
File : nvt/freebsd_tomcat55.nasl
2011-02-28 Name : SuSE Update for java-1_6_0-sun SUSE-SA:2011:010
File : nvt/gb_suse_2011_010.nasl
2011-02-28 Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_feb11.nasl
2011-02-22 Name : Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2011_030.nasl
2011-02-18 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631
File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl
2011-02-18 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645
File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl
2011-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1231
File : nvt/gb_fedora_2011_1231_java-1.6.0-openjdk_fc13.nasl
2011-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1263
File : nvt/gb_fedora_2011_1263_java-1.6.0-openjdk_fc14.nasl
2011-02-11 Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01
File : nvt/gb_RHSA-2011_0214-01_java-1.6.0-openjdk.nasl
2011-01-31 Name : CentOS Update for apr-util CESA-2010:0950 centos4 i386
File : nvt/gb_CESA-2010_0950_apr-util_centos4_i386.nasl
2010-12-23 Name : RedHat Update for apr-util RHSA-2010:0950-01
File : nvt/gb_RHSA-2010_0950-01_apr-util.nasl
2010-12-02 Name : Fedora Update for apr-util FEDORA-2010-16178
File : nvt/gb_fedora_2010_16178_apr-util_fc14.nasl
2010-12-02 Name : Fedora Update for libtlen FEDORA-2010-17720
File : nvt/gb_fedora_2010_17720_libtlen_fc14.nasl
2010-12-02 Name : Fedora Update for udunits2 FEDORA-2010-17807
File : nvt/gb_fedora_2010_17807_udunits2_fc13.nasl
2010-12-02 Name : Fedora Update for udunits2 FEDORA-2010-17819
File : nvt/gb_fedora_2010_17819_udunits2_fc14.nasl
2010-12-02 Name : Ubuntu Update for apache2 vulnerabilities USN-1021-1
File : nvt/gb_ubuntu_USN_1021_1.nasl
2010-12-02 Name : Ubuntu Update for apr-util vulnerability USN-1022-1
File : nvt/gb_ubuntu_USN_1022_1.nasl
2010-11-23 Name : Fedora Update for libtlen FEDORA-2010-17732
File : nvt/gb_fedora_2010_17732_libtlen_fc13.nasl
2010-11-23 Name : Fedora Update for libtlen FEDORA-2010-17762
File : nvt/gb_fedora_2010_17762_libtlen_fc12.nasl
2010-11-04 Name : Fedora Update for apr-util FEDORA-2010-15916
File : nvt/gb_fedora_2010_15916_apr-util_fc12.nasl
2010-11-04 Name : Fedora Update for apr-util FEDORA-2010-15953
File : nvt/gb_fedora_2010_15953_apr-util_fc13.nasl
2010-10-10 Name : FreeBSD Ports: apr
File : nvt/freebsd_apr0.nasl
2010-10-07 Name : Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
File : nvt/gb_apache_apr_util_dos_vuln.nasl
2010-10-04 Name : Mandriva Update for apr-util MDVSA-2010:192 (apr-util)
File : nvt/gb_mandriva_MDVSA_2010_192.nasl
2010-04-16 Name : Ubuntu Update for cmake vulnerabilities USN-890-6
File : nvt/gb_ubuntu_USN_890_6.nasl
2010-02-19 Name : Ubuntu Update for xmlrpc-c vulnerabilities USN-890-5
File : nvt/gb_ubuntu_USN_890_5.nasl
2010-01-29 Name : Ubuntu Update for python-xml vulnerabilities USN-890-4
File : nvt/gb_ubuntu_USN_890_4.nasl
2010-01-25 Name : Ubuntu Update for python2.4 vulnerabilities USN-890-3
File : nvt/gb_ubuntu_USN_890_3.nasl
2010-01-22 Name : Ubuntu Update for expat vulnerabilities USN-890-1
File : nvt/gb_ubuntu_USN_890_1.nasl
2010-01-22 Name : Ubuntu Update for python2.5 vulnerabilities USN-890-2
File : nvt/gb_ubuntu_USN_890_2.nasl
2010-01-19 Name : CentOS Update for PyXML CESA-2010:0002 centos4 i386
File : nvt/gb_CESA-2010_0002_PyXML_centos4_i386.nasl
2010-01-19 Name : CentOS Update for PyXML CESA-2010:0002 centos4 x86_64
File : nvt/gb_CESA-2010_0002_PyXML_centos4_x86_64.nasl
2010-01-15 Name : RedHat Update for PyXML RHSA-2010:0002-01
File : nvt/gb_RHSA-2010_0002-01_PyXML.nasl
2010-01-15 Name : Mandriva Update for davfs MDVSA-2009:220-1 (davfs)
File : nvt/gb_mandriva_MDVSA_2009_220_1.nasl
2010-01-15 Name : Mandriva Update for expat MDVSA-2009:316-1 (expat)
File : nvt/gb_mandriva_MDVSA_2009_316_1.nasl
2010-01-15 Name : Mandriva Update for expat MDVSA-2009:316-2 (expat)
File : nvt/gb_mandriva_MDVSA_2009_316_2.nasl
2010-01-15 Name : Mandriva Update for expat MDVSA-2009:316-3 (expat)
File : nvt/gb_mandriva_MDVSA_2009_316_3.nasl
2009-12-14 Name : SLES11: Security update for expat
File : nvt/sles11_expat0.nasl
2009-12-14 Name : SLES9: Security update for expat
File : nvt/sles9p5064331.nasl
2009-12-10 Name : RedHat Security Advisory RHSA-2009:1625
File : nvt/RHSA_2009_1625.nasl
2009-12-10 Name : Fedora Core 10 FEDORA-2009-12690 (expat)
File : nvt/fcore_2009_12690.nasl
2009-12-10 Name : Fedora Core 11 FEDORA-2009-12716 (expat)
File : nvt/fcore_2009_12716.nasl
2009-12-10 Name : Fedora Core 12 FEDORA-2009-12737 (expat)
File : nvt/fcore_2009_12737.nasl
2009-12-10 Name : FreeBSD Ports: expat2
File : nvt/freebsd_expat2.nasl
2009-12-10 Name : FreeBSD Ports: expat2
File : nvt/freebsd_expat20.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:211-1 (expat)
File : nvt/mdksa_2009_211_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:212-1 (python)
File : nvt/mdksa_2009_212_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:213-1 (wxgtk)
File : nvt/mdksa_2009_213_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:215-1 (audacity)
File : nvt/mdksa_2009_215_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird)
File : nvt/mdksa_2009_217_3.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:218-1 (w3c-libwww)
File : nvt/mdksa_2009_218_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:219-1 (kompozer)
File : nvt/mdksa_2009_219_1.nasl
2009-12-10 Name : CentOS Security Advisory CESA-2009:1625 (expat)
File : nvt/ovcesa2009_1625.nasl
2009-11-23 Name : SLES10: Security update for expat
File : nvt/sles10_expat.nasl
2009-11-23 Name : SLES11: Security update for expat
File : nvt/sles11_expat.nasl
2009-11-23 Name : SLES9: Security update for expat
File : nvt/sles9p5062940.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1572
File : nvt/RHSA_2009_1572.nasl
2009-11-17 Name : CentOS Security Advisory CESA-2009:1572 (4Suite)
File : nvt/ovcesa2009_1572.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-10949 (PyXML)
File : nvt/fcore_2009_10949.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-10956 (python-4Suite-XML)
File : nvt/fcore_2009_10956.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-10972 (python-4Suite-XML)
File : nvt/fcore_2009_10972.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-10987 (expat)
File : nvt/fcore_2009_10987.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-11029 (expat)
File : nvt/fcore_2009_11029.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-11030 (PyXML)
File : nvt/fcore_2009_11030.nasl
2009-11-11 Name : SuSE Security Summary SUSE-SR:2009:018
File : nvt/suse_sr_2009_018.nasl
0000-00-00 Name : Slackware Advisory SSA:2011-041-01 apr-util
File : nvt/esoft_slk_ssa_2011_041_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2011-041-02 expat
File : nvt/esoft_slk_ssa_2011_041_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2011-041-03 httpd
File : nvt/esoft_slk_ssa_2011_041_03.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
71558 Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi...

Apache Tomcat contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the 'SecurityManager' not properly making the 'ServletContext' attribute read-only, allowing for directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to manipulate arbitrary files.
71557 Apache Tomcat HTML Manager Multiple XSS

The HTML Manager Interface in Apache Tomcat contains multiple flaws that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the display-name tag before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
70965 Oracle Java SE / Java for Business Double.parseDouble Method Floating Point ...

Oracle Java SE and Java for Business contain a flaw that may allow a remote denial of service. The issue is triggered when the 'Double.parseDouble' method in JRE allows remote attackers to trigger an infinite loop with a crafted string, resulting in a denial of service.
68327 Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memor...

Apache APR-util contains a flaw that may allow a remote denial of service. The issue is triggered when a memory leak occurs in the 'apr_brigade_split_line()' function in 'buckets/apr_brigade.c', allowing a remote attacker to destroy an APR bucket to cause a denial of service via memory consumption.
60797 Expat libexpat lib/xmltok.c big2_toUtf8 Function UTF-8 XML Document Handling ...

59737 Expat libexpat lib/xmltok_impl.c updatePosition Function UTF-8 XML Document H...

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-05-03 IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager
Severity : Category I - VMSKEY : V0032178
2012-02-02 IAVM : 2012-A-0020 - Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity : Category I - VMSKEY : V0031252
2011-12-15 IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0
Severity : Category I - VMSKEY : V0030824
2011-12-01 IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity : Category I - VMSKEY : V0030769

Snort® IPS/IDS

Date Description
2014-01-10 Expat xml UTF-8 buffer over-read attempt
RuleID : 24070 - Revision : 3 - Type : FILE-OTHER
2014-01-10 Expat xml UTF-8 buffer over-read attempt
RuleID : 24069 - Revision : 3 - Type : FILE-OTHER
2014-01-10 Expat xml UTF-8 bufer over-read attempt
RuleID : 24068 - Revision : 3 - Type : FILE-OTHER
2014-01-10 Expat xml UTF-8 buffer over-read attempt
RuleID : 24067 - Revision : 3 - Type : FILE-OTHER
2014-01-10 Java floating point number denial of service - via POST
RuleID : 18471 - Revision : 8 - Type : SERVER-WEBAPP
2014-01-10 Java floating point number denial of service - via URI
RuleID : 18470 - Revision : 9 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2017-05-08 Name : An application installed on the remote host is affected by multiple vulnerabi...
File : itunes_12_6.nasl - Type : ACT_GATHER_INFO
2017-05-08 Name : An application running on the remote host is affected by multiple vulnerabili...
File : itunes_12_6_banner.nasl - Type : ACT_GATHER_INFO
2017-05-08 Name : The remote host contains an application that is affected by multiple vulnerab...
File : macos_itunes_12_6.nasl - Type : ACT_GATHER_INFO
2016-11-30 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_18449f92ab3911e68011005056925db4.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0004_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote VMware ESXi / ESX host is missing a security-related patch.
File : vmware_VMSA-2012-0001_remote.nasl - Type : ACT_GATHER_INFO
2015-09-16 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15902.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15905.nasl - Type : ACT_GATHER_INFO
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-110726.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110211.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_apache2-110726.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_java-1_6_0-sun-110314.nasl - Type : ACT_GATHER_INFO
2014-05-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201405-24.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_0_build_608089_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1572.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1625.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0950.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0335.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0491.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0492.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1572.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_feb_2011_unix.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO
2012-09-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-06.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20091110_4Suite_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091207_expat_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100104_PyXML_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101207_apr_util_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110210_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110217_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110309_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110309_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110505_python_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110519_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111220_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO
2012-06-21 Name : The remote database server is affected by multiple denial of service vulnerab...
File : db2_9fp11.nasl - Type : ACT_GATHER_INFO
2012-06-15 Name : The remote Windows host contains software that is affected by multiple vulner...
File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO
2012-04-20 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0001.nasl - Type : ACT_GATHER_INFO
2011-12-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2011-12-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-7443.nasl - Type : ACT_GATHER_INFO
2011-11-23 Name : The remote database server is affected by multiple denial of service vulnerab...
File : db2_97fp5.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO
2011-10-28 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO
2011-10-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO
2011-07-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libapr-util1-110701.nasl - Type : ACT_GATHER_INFO
2011-07-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libapr-util1-110706.nasl - Type : ACT_GATHER_INFO
2011-07-12 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libapr-util1-7611.nasl - Type : ACT_GATHER_INFO
2011-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0791.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12706.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-110504.nasl - Type : ACT_GATHER_INFO
2011-05-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0491.nasl - Type : ACT_GATHER_INFO
2011-05-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0492.nasl - Type : ACT_GATHER_INFO
2011-05-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0491.nasl - Type : ACT_GATHER_INFO
2011-05-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0492.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_tomcat6-110211.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5727.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5744.nasl - Type : ACT_GATHER_INFO
2011-04-27 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5777.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2011-03-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1097-1.nasl - Type : ACT_GATHER_INFO
2011-03-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-110307.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-7369.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO
2011-03-18 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12687.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12683.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_expat-100109.nasl - Type : ACT_GATHER_INFO
2011-03-16 Name : The remote Fedora host is missing a security update.
File : fedora_2011-2794.nasl - Type : ACT_GATHER_INFO
2011-03-16 Name : The remote Fedora host is missing a security update.
File : fedora_2011-2801.nasl - Type : ACT_GATHER_INFO
2011-03-16 Name : The remote Fedora host is missing a security update.
File : fedora_2011-3097.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12682.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO
2011-03-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0335.nasl - Type : ACT_GATHER_INFO
2011-03-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2011-03-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update9.nasl - Type : ACT_GATHER_INFO
2011-03-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update4.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7337.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0290.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0291.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0292.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-sun-7342.nasl - Type : ACT_GATHER_INFO
2011-02-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-030.nasl - Type : ACT_GATHER_INFO
2011-02-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0282.nasl - Type : ACT_GATHER_INFO
2011-02-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_553ec4ed38d611e094b1000c29ba66d2.nasl - Type : ACT_GATHER_INFO
2011-02-16 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_feb_2011.nasl - Type : ACT_GATHER_INFO
2011-02-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2161.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2160.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1231.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1263.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_6_0_30.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote web server is affected by a cross-site scripting vulnerability.
File : tomcat_7_0_6.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-041-01.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-041-02.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-041-03.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote web server is affected by a cross-site scripting vulnerability.
File : tomcat_5_5_32.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote web server is affected by a security bypass vulnerability.
File : tomcat_7_0_4.nasl - Type : ACT_GATHER_INFO
2011-01-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0950.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libicecore-6857.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libicecore-6862.nasl - Type : ACT_GATHER_INFO
2010-12-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0950.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpython2_6-1_0-100323.nasl - Type : ACT_GATHER_INFO
2010-11-28 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17807.nasl - Type : ACT_GATHER_INFO
2010-11-28 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17819.nasl - Type : ACT_GATHER_INFO
2010-11-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1021-1.nasl - Type : ACT_GATHER_INFO
2010-11-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1022-1.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17720.nasl - Type : ACT_GATHER_INFO
2010-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17732.nasl - Type : ACT_GATHER_INFO
2010-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17762.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16178.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15916.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15953.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote web server may be affected by several issues.
File : apache_2_2_17.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6619.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6703.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6765.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_python-6946.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_pyxml-6715.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2117.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_dd943fbbd0fe11df95a800219b0fc4d8.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-192.nasl - Type : ACT_GATHER_INFO
2010-07-16 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_transfer_encoding.nasl - Type : ACT_ATTACK
2010-06-22 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12591.nasl - Type : ACT_GATHER_INFO
2010-05-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libpython2_6-1_0-100328.nasl - Type : ACT_GATHER_INFO
2010-05-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libpython2_6-1_0-100330.nasl - Type : ACT_GATHER_INFO
2010-05-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libpython2_6-1_0-100329.nasl - Type : ACT_GATHER_INFO
2010-05-14 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12600.nasl - Type : ACT_GATHER_INFO
2010-04-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-6.nasl - Type : ACT_GATHER_INFO
2010-03-05 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1953.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1977.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-5.nasl - Type : ACT_GATHER_INFO
2010-01-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-4.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-3.nasl - Type : ACT_GATHER_INFO
2010-01-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-2.nasl - Type : ACT_GATHER_INFO
2010-01-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-1.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12568.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_expat-100111.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_expat-100111.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_expat-100111.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_expat-100108.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6764.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2009-12-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12753.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_pyxml-091210.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_pyxml-091210.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_pyxml-091210.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_pyxml-091211.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_pyxml-6714.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12558.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_expat-091207.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_expat-091207.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_expat-091207.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_expat-091207.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6702.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1625.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_5f030587e39a11de881e001aa0166822.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_e9fca207e39911de881e001aa0166822.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1625.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12690.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12716.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12737.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-316.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12529.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_expat-091030.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6618.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1572.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10949.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10956.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10972.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10987.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11029.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11030.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_expat-091030.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_expat-091030.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_expat-6613.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-218.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-219.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-220.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-211.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-212.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-213.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-214.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-215.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-217.nasl - Type : ACT_GATHER_INFO