Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2009:318 | First vendor Publication | 2009-12-05 |
Vendor | Mandriva | Last vendor Modification | 2009-12-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple security vulnerabilities has been identified and fixed in xmlsec1: A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217). All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code (CVE-2009-3736). Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes this vulnerability. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:318 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10186 | |||
Oval ID: | oval:org.mitre.oval:def:10186 | ||
Title: | The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. | ||
Description: | The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0217 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12656 | |||
Oval ID: | oval:org.mitre.oval:def:12656 | ||
Title: | DSA-1958-1 libtool -- privilege escalation | ||
Description: | It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. For the stable distribution, this problem has been fixed in version 1.5.26-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.22-4+etch1. For the testing distribution and unstable distribution, this problem has been fixed in 2.2.6b-1. We recommend that you upgrade your libtool packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1958-1 CVE-2009-3736 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libtool |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13798 | |||
Oval ID: | oval:org.mitre.oval:def:13798 | ||
Title: | DSA-1849-1 xml-security-c -- design flaw | ||
Description: | It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater. For the old stable distribution, this problem has been fixed in version 1.2.1-3+etch1. For the stable distribution, this problem has been fixed in version 1.4.0-3+lenny2. For the unstable distribution, this problem has been fixed in version 1.4.0-4. We recommend that you upgrade your xml-security-c packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1849-1 CVE-2009-0217 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | xml-security-c |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22980 | |||
Oval ID: | oval:org.mitre.oval:def:22980 | ||
Title: | ELSA-2009:1428: xmlsec1 security update (Moderate) | ||
Description: | The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1428-01 CVE-2009-0217 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | xmlsec1 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23008 | |||
Oval ID: | oval:org.mitre.oval:def:23008 | ||
Title: | ELSA-2009:1646: libtool security update (Moderate) | ||
Description: | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1646-01 CVE-2009-3736 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | libtool |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29283 | |||
Oval ID: | oval:org.mitre.oval:def:29283 | ||
Title: | RHSA-2009:1646 -- libtool security update (Moderate) | ||
Description: | Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1646 CESA-2009:1646-CentOS 3 CESA-2009:1646-CentOS 5 CVE-2009-3736 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | libtool |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29320 | |||
Oval ID: | oval:org.mitre.oval:def:29320 | ||
Title: | RHSA-2009:1428 -- xmlsec1 security update (Moderate) | ||
Description: | Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated (as documented in RFC 2104). | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1428 CESA-2009:1428-CentOS 5 CVE-2009-0217 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | xmlsec1 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6951 | |||
Oval ID: | oval:org.mitre.oval:def:6951 | ||
Title: | GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability | ||
Description: | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3736 | Version: | 6 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7158 | |||
Oval ID: | oval:org.mitre.oval:def:7158 | ||
Title: | XML Signature HMAC Truncation Authentication Bypass Vulnerability | ||
Description: | The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0217 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft .NET Framework |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7481 | |||
Oval ID: | oval:org.mitre.oval:def:7481 | ||
Title: | DSA-1958 libtool -- privilege escalation | ||
Description: | It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1958 CVE-2009-3736 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libtool |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7932 | |||
Oval ID: | oval:org.mitre.oval:def:7932 | ||
Title: | DSA-1849 xml-security-c -- design flaw | ||
Description: | It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1849 CVE-2009-0217 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | xml-security-c |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-13 (mono mono-debugger) File : nvt/glsa_201206_13.nasl |
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2009:1201 centos5 i386 File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for xmlsec1 CESA-2009:1428 centos4 i386 File : nvt/gb_CESA-2009_1428_xmlsec1_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for cpp CESA-2010:0039 centos5 i386 File : nvt/gb_CESA-2010_0039_cpp_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for libtool CESA-2009:1646 centos5 i386 File : nvt/gb_CESA-2009_1646_libtool_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for libtool CESA-2009:1646 centos4 i386 File : nvt/gb_CESA-2009_1646_libtool_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for libtool CESA-2009:1646 centos3 i386 File : nvt/gb_CESA-2009_1646_libtool_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for xmlsec1 CESA-2009:1428 centos5 i386 File : nvt/gb_CESA-2009_1428_xmlsec1_centos5_i386.nasl |
2011-03-07 | Name : Fedora Update for q FEDORA-2011-1967 File : nvt/gb_fedora_2011_1967_q_fc14.nasl |
2011-03-07 | Name : Fedora Update for q FEDORA-2011-1958 File : nvt/gb_fedora_2011_1958_q_fc13.nasl |
2010-07-12 | Name : Fedora Update for libtool FEDORA-2010-10640 File : nvt/gb_fedora_2010_10640_libtool_fc12.nasl |
2010-07-12 | Name : Fedora Update for gcc FEDORA-2010-10640 File : nvt/gb_fedora_2010_10640_gcc_fc12.nasl |
2010-06-09 | Name : Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343) File : nvt/secpod_ms10-041.nasl |
2010-05-28 | Name : Mandriva Update for openoffice.org MDVSA-2010:105 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_105.nasl |
2010-05-28 | Name : Fedora Update for libprelude FEDORA-2010-8756 File : nvt/gb_fedora_2010_8756_libprelude_fc12.nasl |
2010-05-28 | Name : Java for Mac OS X 10.5 Update 5 File : nvt/macosx_java_for_10_5_upd_5.nasl |
2010-05-07 | Name : Mandriva Update for openoffice.org MDVSA-2010:091 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_091.nasl |
2010-04-16 | Name : Mandriva Update for openoffice.org MDVSA-2010:075 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_075.nasl |
2010-04-06 | Name : Fedora Update for hamlib FEDORA-2010-4407 File : nvt/gb_fedora_2010_4407_hamlib_fc12.nasl |
2010-04-06 | Name : Fedora Update for hamlib FEDORA-2010-4352 File : nvt/gb_fedora_2010_4352_hamlib_fc11.nasl |
2010-03-22 | Name : SuSE Update for OpenOffice_org SUSE-SA:2010:017 File : nvt/gb_suse_2010_017.nasl |
2010-03-22 | Name : Mandriva Update for lvm2 MDVA-2010:105 (lvm2) File : nvt/gb_mandriva_MDVA_2010_105.nasl |
2010-03-22 | Name : Fedora Update for gnu-smalltalk FEDORA-2010-4392 File : nvt/gb_fedora_2010_4392_gnu-smalltalk_fc11.nasl |
2010-03-22 | Name : Fedora Update for gnu-smalltalk FEDORA-2010-4339 File : nvt/gb_fedora_2010_4339_gnu-smalltalk_fc12.nasl |
2010-03-22 | Name : Fedora Update for esorex FEDORA-2010-3314 File : nvt/gb_fedora_2010_3314_esorex_fc11.nasl |
2010-03-22 | Name : Fedora Update for esorex FEDORA-2010-3216 File : nvt/gb_fedora_2010_3216_esorex_fc12.nasl |
2010-03-16 | Name : FreeBSD Ports: openoffice.org File : nvt/freebsd_openoffice.org.nasl |
2010-03-12 | Name : Mandriva Update for slib MDVA-2010:091 (slib) File : nvt/gb_mandriva_MDVA_2010_091.nasl |
2010-03-12 | Name : Mandriva Update for openoffice.org MDVSA-2010:056 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_056.nasl |
2010-03-02 | Name : Fedora Update for mingw32-libltdl FEDORA-2010-2943 File : nvt/gb_fedora_2010_2943_mingw32-libltdl_fc11.nasl |
2010-03-02 | Name : Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin) File : nvt/gb_mandriva_MDVA_2010_075.nasl |
2010-03-02 | Name : Ubuntu Update for openoffice.org vulnerabilities USN-903-1 File : nvt/gb_ubuntu_USN_903_1.nasl |
2010-03-02 | Name : Fedora Update for mingw32-libltdl FEDORA-2010-2341 File : nvt/gb_fedora_2010_2341_mingw32-libltdl_fc12.nasl |
2010-03-02 | Name : Fedora Update for gambas FEDORA-2010-1924 File : nvt/gb_fedora_2010_1924_gambas_fc11.nasl |
2010-03-02 | Name : Fedora Update for gambas FEDORA-2010-1872 File : nvt/gb_fedora_2010_1872_gambas_fc12.nasl |
2010-03-02 | Name : Fedora Update for gnash FEDORA-2010-1833 File : nvt/gb_fedora_2010_1833_gnash_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnash FEDORA-2010-1820 File : nvt/gb_fedora_2010_1820_gnash_fc12.nasl |
2010-02-15 | Name : Mandriva Update for openoffice.org MDVSA-2010:035 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_035.nasl |
2010-02-15 | Name : Mandriva Update for samba MDVA-2010:056 (samba) File : nvt/gb_mandriva_MDVA_2010_056.nasl |
2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos4 i386 File : nvt/gb_CESA-2010_0039_cpp_centos4_i386.nasl |
2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos3 x86_64 File : nvt/gb_CESA-2010_0039_cpp_centos3_x86_64.nasl |
2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos3 i386 File : nvt/gb_CESA-2010_0039_cpp_centos3_i386.nasl |
2010-01-19 | Name : RedHat Update for gcc and gcc4 RHSA-2010:0039-01 File : nvt/gb_RHSA-2010_0039-01_gcc_and_gcc4.nasl |
2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos4 x86_64 File : nvt/gb_CESA-2010_0039_cpp_centos4_x86_64.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12562 (libtool) File : nvt/fcore_2009_12562.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-12725 (libtool) File : nvt/fcore_2009_12725.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12813 (gcc) File : nvt/fcore_2009_12813.nasl |
2009-12-30 | Name : Debian Security Advisory DSA 1958-1 (libtool) File : nvt/deb_1958_1.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1694 File : nvt/RHSA_2009_1694.nasl |
2009-12-14 | Name : CentOS Security Advisory CESA-2009:1646 (libtool) File : nvt/ovcesa2009_1646.nasl |
2009-12-14 | Name : RedHat Security Advisory RHSA-2009:1646 File : nvt/RHSA_2009_1646.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:307-1 (libtool) File : nvt/mdksa_2009_307_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:318 (xmlsec1) File : nvt/mdksa_2009_318.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:322 (mono) File : nvt/mdksa_2009_322.nasl |
2009-12-03 | Name : FreeBSD Ports: libtool File : nvt/freebsd_libtool0.nasl |
2009-11-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm1.nasl |
2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:268 (mono) File : nvt/mdksa_2009_268.nasl |
2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:269 (mono) File : nvt/mdksa_2009_269.nasl |
2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:267 (xmlsec1) File : nvt/mdksa_2009_267.nasl |
2009-09-15 | Name : CentOS Security Advisory CESA-2009:1428 (xmlsec1) File : nvt/ovcesa2009_1428.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1428 File : nvt/RHSA_2009_1428.nasl |
2009-09-02 | Name : Ubuntu USN-826-1 (mono) File : nvt/ubuntu_826_1.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk) File : nvt/mdksa_2009_209.nasl |
2009-08-17 | Name : FreeBSD Ports: mono File : nvt/freebsd_mono0.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8473 (xmlsec1) File : nvt/fcore_2009_8473.nasl |
2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8456 (xmlsec1) File : nvt/fcore_2009_8456.nasl |
2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk) File : nvt/fcore_2009_8337.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk) File : nvt/fcore_2009_8329.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1201.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8157 (xml-security-c) File : nvt/fcore_2009_8157.nasl |
2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8121 (xml-security-c) File : nvt/fcore_2009_8121.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1849-1 (xml-security-c) File : nvt/deb_1849_1.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1201 File : nvt/RHSA_2009_1201.nasl |
2009-08-17 | Name : Ubuntu USN-814-1 (openjdk-6) File : nvt/ubuntu_814_1.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1200 File : nvt/RHSA_2009_1200.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
60522 | libtool libltdl ltdl.c Library Search Path Subversion Local Privilege Escalation |
56243 | W3C XML Signature Syntax and Processing (XMLDsig) HMACOutputLength Signature ... |
55907 | Oracle BEA WebLogic Server Web Services Package HMACOutputLength Signature Sp... |
55895 | Oracle Application Server Security Developer Tools HMACOutputLength Signature... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-06-10 | IAVM : 2010-B-0046 - Microsoft .NET Framework Data Tampering Vulnerability Severity : Category II - VMSKEY : V0024367 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apache XML HMAC truncation authentication bypass attempt RuleID : 21337 - Revision : 4 - Type : SERVER-APACHE |
2014-01-10 | Microsoft Windows .NET framework XMLDsig data tampering attempt RuleID : 16636 - Revision : 14 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
2014-09-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO |
2013-11-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1428.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1646.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0039.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1636.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1637.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1649.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1650.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090908_xmlsec1_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091208_libtool_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100113_gcc_and_gcc4_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-06-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-13.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_application_server_pci.nasl - Type : ACT_GATHER_INFO |
2011-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1958.nasl - Type : ACT_GATHER_INFO |
2011-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1967.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1990.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_OpenOffice_org-6883.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_OpenOffice_org-6884.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_OpenOffice_org-100225.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtool-6683.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-269.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-035.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-075.nasl - Type : ACT_GATHER_INFO |
2010-07-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-10640.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1820.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1833.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1872.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1924.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-2341.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-2943.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3216.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3314.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4098.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4339.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4340.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4352.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4392.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4407.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8756.nasl - Type : ACT_GATHER_INFO |
2010-06-09 | Name : It is possible to tamper with signed XML content without being detected on th... File : smb_nt_ms10-041.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-105.nasl - Type : ACT_GATHER_INFO |
2010-03-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_OpenOffice_org-100211.nasl - Type : ACT_GATHER_INFO |
2010-03-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_OpenOffice_org-base-drivers-postgresql-100211.nasl - Type : ACT_GATHER_INFO |
2010-03-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_OpenOffice_org-base-drivers-postgresql-100216.nasl - Type : ACT_GATHER_INFO |
2010-03-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_OpenOffice_org-100226.nasl - Type : ACT_GATHER_INFO |
2010-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-056.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c97d7a37223311df96dd001b2134ef46.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12554.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-903-1.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1849.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1958.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1995.nasl - Type : ACT_GATHER_INFO |
2010-02-12 | Name : The remote Windows host has a program affected by multiple buffer overflows. File : openoffice_32.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO |
2010-01-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO |
2010-01-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-100105.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libltdl-3-091202.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libltdl7-091201.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtool-6678.nasl - Type : ACT_GATHER_INFO |
2009-12-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12562.nasl - Type : ACT_GATHER_INFO |
2009-12-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12813.nasl - Type : ACT_GATHER_INFO |
2009-12-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12725.nasl - Type : ACT_GATHER_INFO |
2009-12-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO |
2009-12-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-322.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-318.nasl - Type : ACT_GATHER_INFO |
2009-12-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-307.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_77c14729dc5e11de92ae02e0184b8d35.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO |
2009-10-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-268.nasl - Type : ACT_GATHER_INFO |
2009-10-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-267.nasl - Type : ACT_GATHER_INFO |
2009-09-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1428.nasl - Type : ACT_GATHER_INFO |
2009-09-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1428.nasl - Type : ACT_GATHER_INFO |
2009-09-03 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update5.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090826.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090827.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-826-1.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-209.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8456.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8473.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8337.nasl - Type : ACT_GATHER_INFO |
2009-08-07 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8329.nasl - Type : ACT_GATHER_INFO |
2009-08-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO |
2009-08-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8121.nasl - Type : ACT_GATHER_INFO |
2009-08-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8157.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_708c65a57c5811dea9940030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-06-03 | Name : The remote host is missing Sun Security Patch number 141709-03 File : solaris10_141709.nasl - Type : ACT_GATHER_INFO |
2009-06-03 | Name : The remote host is missing Sun Security Patch number 141710-03 File : solaris10_x86_141710.nasl - Type : ACT_GATHER_INFO |
2009-06-03 | Name : The remote host is missing Sun Security Patch number 141709-03 File : solaris9_141709.nasl - Type : ACT_GATHER_INFO |
2009-06-03 | Name : The remote host is missing Sun Security Patch number 141710-03 File : solaris9_x86_141710.nasl - Type : ACT_GATHER_INFO |
2009-01-19 | Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris10_128640.nasl - Type : ACT_GATHER_INFO |
2009-01-19 | Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO |
2009-01-19 | Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris9_128640.nasl - Type : ACT_GATHER_INFO |
2009-01-19 | Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris10_125136.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris8_125136.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris9_125136.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:41:03 |
|