6.9 - MDVSA-2009:318

Executive Summary

Informations
Name	MDVSA-2009:318	First vendor Publication	2009-12-05
Vendor	Mandriva	Last vendor Modification	2009-12-05
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple security vulnerabilities has been identified and fixed in xmlsec1:

A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217).

All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code (CVE-2009-3736).

Packages for 2008.0 are being provided due to extended support for Corporate products.

This update fixes this vulnerability.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:318

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10186

Oval ID:	oval:org.mitre.oval:def:10186
Title:	The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Description:	The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0217	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section xmlsec1-openssl is earlier than 0:1.2.6-3.1 AND xmlsec1 is earlier than 0:1.2.6-3.1 AND xmlsec1-devel is earlier than 0:1.2.6-3.1 AND xmlsec1-openssl-devel is earlier than 0:1.2.6-3.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xmlsec1-nss-devel is earlier than 0:1.2.9-8.1.1 AND xmlsec1-gnutls is earlier than 0:1.2.9-8.1.1 AND xmlsec1-openssl is earlier than 0:1.2.9-8.1.1 AND xmlsec1-gnutls-devel is earlier than 0:1.2.9-8.1.1 AND xmlsec1-devel is earlier than 0:1.2.9-8.1.1 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.2.b09.el5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.2.b09.el5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.2.b09.el5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.2.b09.el5 AND xmlsec1 is earlier than 0:1.2.9-8.1.1 AND xmlsec1-nss is earlier than 0:1.2.9-8.1.1 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.2.b09.el5 AND xmlsec1-openssl-devel is earlier than 0:1.2.9-8.1.1

Definition Id: oval:org.mitre.oval:def:11687

Oval ID:	oval:org.mitre.oval:def:11687
Title:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Description:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3736	Version:	6
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section gcc-ppc32 is earlier than 0:3.2.3-60 AND gcc-java is earlier than 0:3.2.3-60 AND gcc-g77 is earlier than 0:3.2.3-60 AND libgcj is earlier than 0:3.2.3-60 AND gcc-c++ is earlier than 0:3.2.3-60 AND libobjc is earlier than 0:3.2.3-60 AND libstdc++ is earlier than 0:3.2.3-60 AND libf2c is earlier than 0:3.2.3-60 AND gcc-c++-ppc32 is earlier than 0:3.2.3-60 AND gcc-objc is earlier than 0:3.2.3-60 AND libgnat is earlier than 0:3.2.3-60 AND libtool-libs is earlier than 0:1.4.3-7 AND libstdc++-devel is earlier than 0:3.2.3-60 AND gcc-gnat is earlier than 0:3.2.3-60 AND cpp is earlier than 0:3.2.3-60 AND libgcj-devel is earlier than 0:3.2.3-60 AND gcc is earlier than 0:3.2.3-60 AND libgcc is earlier than 0:3.2.3-60 AND libtool is earlier than 0:1.4.3-7 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section gcc-ppc32 is earlier than 0:3.4.6-11.el4_8.1 AND gcc4-gfortran is earlier than 0:4.1.2-44.EL4_8.1 AND gcc-java is earlier than 0:3.4.6-11.el4_8.1 AND gcc-g77 is earlier than 0:3.4.6-11.el4_8.1 AND libgcj is earlier than 0:3.4.6-11.el4_8.1 AND gcc-c++ is earlier than 0:3.4.6-11.el4_8.1 AND libobjc is earlier than 0:3.4.6-11.el4_8.1 AND libgomp is earlier than 0:4.1.2-44.EL4_8.1 AND libstdc++ is earlier than 0:3.4.6-11.el4_8.1 AND libgcj4-src is earlier than 0:4.1.2-44.EL4_8.1 AND libmudflap-devel is earlier than 0:4.1.2-44.EL4_8.1 AND libf2c is earlier than 0:3.4.6-11.el4_8.1 AND gcc-c++-ppc32 is earlier than 0:3.4.6-11.el4_8.1 AND gcc-objc is earlier than 0:3.4.6-11.el4_8.1 AND gcc4-c++ is earlier than 0:4.1.2-44.EL4_8.1 AND libgnat is earlier than 0:3.4.6-11.el4_8.1 AND gcc4 is earlier than 0:4.1.2-44.EL4_8.1 AND libtool-libs is earlier than 0:1.5.6-5.el4_8 AND libgfortran is earlier than 0:4.1.2-44.EL4_8.1 AND gcc4-java is earlier than 0:4.1.2-44.EL4_8.1 AND libmudflap is earlier than 0:4.1.2-44.EL4_8.1 AND libstdc++-devel is earlier than 0:3.4.6-11.el4_8.1 AND libgcj4-devel is earlier than 0:4.1.2-44.EL4_8.1 AND libgcj-devel is earlier than 0:3.4.6-11.el4_8.1 AND gcc-gnat is earlier than 0:3.4.6-11.el4_8.1 AND cpp is earlier than 0:3.4.6-11.el4_8.1 AND gcc is earlier than 0:3.4.6-11.el4_8.1 AND libgcc is earlier than 0:3.4.6-11.el4_8.1 AND libtool is earlier than 0:1.5.6-5.el4_8 AND libgcj4 is earlier than 0:4.1.2-44.EL4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section libtool-ltdl-devel is earlier than 0:1.5.22-7.el5_4 AND gcc-gfortran is earlier than 0:4.1.2-46.el5_4.2 AND gcc-java is earlier than 0:4.1.2-46.el5_4.2 AND libgcj is earlier than 0:4.1.2-46.el5_4.2 AND gcc-c++ is earlier than 0:4.1.2-46.el5_4.2 AND libobjc is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++ is earlier than 0:4.1.2-46.el5_4.2 AND libmudflap-devel is earlier than 0:4.1.2-46.el5_4.2 AND gcc-objc is earlier than 0:4.1.2-46.el5_4.2 AND libgnat is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-src is earlier than 0:4.1.2-46.el5_4.2 AND libgfortran is earlier than 0:4.1.2-46.el5_4.2 AND libtool-ltdl is earlier than 0:1.5.22-7.el5_4 AND libmudflap is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++-devel is earlier than 0:4.1.2-46.el5_4.2 AND gcc-objc++ is earlier than 0:4.1.2-46.el5_4.2 AND gcc-gnat is earlier than 0:4.1.2-46.el5_4.2 AND cpp is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-devel is earlier than 0:4.1.2-46.el5_4.2 AND gcc is earlier than 0:4.1.2-46.el5_4.2 AND libgcc is earlier than 0:4.1.2-46.el5_4.2 AND libtool is earlier than 0:1.5.22-7.el5_4

Definition Id: oval:org.mitre.oval:def:12656

Oval ID:	oval:org.mitre.oval:def:12656
Title:	DSA-1958-1 libtool -- privilege escalation
Description:	It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. For the stable distribution, this problem has been fixed in version 1.5.26-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.22-4+etch1. For the testing distribution and unstable distribution, this problem has been fixed in 2.2.6b-1. We recommend that you upgrade your libtool packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1958-1 CVE-2009-3736	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	libtool
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND libtool-doc DPKG is earlier than 1.5.26-4+lenny1 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libltdl3 DPKG is earlier than 1.5.26-4+lenny1 AND libltdl3-dev DPKG is earlier than 1.5.26-4+lenny1 AND libtool DPKG is earlier than 1.5.26-4+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND libtool-doc DPKG is earlier than 1.5.22-4+etch1 AND libltdl3 DPKG is earlier than 1.5.22-4+etch1 AND libltdl3-dev DPKG is earlier than 1.5.22-4+etch1 AND libtool DPKG is earlier than 1.5.22-4+etch1

Definition Id: oval:org.mitre.oval:def:13798

Oval ID:	oval:org.mitre.oval:def:13798
Title:	DSA-1849-1 xml-security-c -- design flaw
Description:	It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater. For the old stable distribution, this problem has been fixed in version 1.2.1-3+etch1. For the stable distribution, this problem has been fixed in version 1.4.0-3+lenny2. For the unstable distribution, this problem has been fixed in version 1.4.0-4. We recommend that you upgrade your xml-security-c packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1849-1 CVE-2009-0217	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	xml-security-c
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libxml-security-c-dev DPKG is earlier than 1.4.0-3+lenny2 AND libxml-security-c14 DPKG is earlier than 1.4.0-3+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND libxml-security-c-doc DPKG is earlier than 1.2.1-3+etch1 AND libxml-security-c12 DPKG is earlier than 1.2.1-3+etch1 AND libxml-security-c-dev DPKG is earlier than 1.2.1-3+etch1

Definition Id: oval:org.mitre.oval:def:21943

Oval ID:	oval:org.mitre.oval:def:21943
Title:	RHSA-2010:0039: gcc and gcc4 security update (Moderate)
Description:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0039-01 CESA-2010:0039 CVE-2009-3736	Version:	4
Platform(s):	Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	gcc gcc4
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section gcc-objc++ is earlier than 0:4.1.2-46.el5_4.2 AND libgfortran is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-src is earlier than 0:4.1.2-46.el5_4.2 AND libmudflap is earlier than 0:4.1.2-46.el5_4.2 AND gcc-gfortran is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-devel is earlier than 0:4.1.2-46.el5_4.2 AND libgcc is earlier than 0:4.1.2-46.el5_4.2 AND cpp is earlier than 0:4.1.2-46.el5_4.2 AND gcc-gnat is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++ is earlier than 0:4.1.2-46.el5_4.2 AND libmudflap-devel is earlier than 0:4.1.2-46.el5_4.2 AND gcc-objc is earlier than 0:4.1.2-46.el5_4.2 AND gcc-c++ is earlier than 0:4.1.2-46.el5_4.2 AND gcc is earlier than 0:4.1.2-46.el5_4.2 AND gcc-java is earlier than 0:4.1.2-46.el5_4.2 AND libgnat is earlier than 0:4.1.2-46.el5_4.2 AND libgcj is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++-devel is earlier than 0:4.1.2-46.el5_4.2 AND libobjc is earlier than 0:4.1.2-46.el5_4.2

Definition Id: oval:org.mitre.oval:def:22980

Oval ID:	oval:org.mitre.oval:def:22980
Title:	ELSA-2009:1428: xmlsec1 security update (Moderate)
Description:	The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1428-01 CVE-2009-0217	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	xmlsec1
Definition Synopsis:
Oracle Linux 5.x rpm test xmlsec1-nss-devel is earlier than 0:1.2.9-8.1.1 AND xmlsec1-openssl is earlier than 0:1.2.9-8.1.1 AND xmlsec1-nss is earlier than 0:1.2.9-8.1.1 AND xmlsec1-gnutls is earlier than 0:1.2.9-8.1.1 AND xmlsec1 is earlier than 0:1.2.9-8.1.1 AND xmlsec1-gnutls-devel is earlier than 0:1.2.9-8.1.1 AND xmlsec1-openssl-devel is earlier than 0:1.2.9-8.1.1 AND xmlsec1-devel is earlier than 0:1.2.9-8.1.1

Definition Id: oval:org.mitre.oval:def:23008

Oval ID:	oval:org.mitre.oval:def:23008
Title:	ELSA-2009:1646: libtool security update (Moderate)
Description:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1646-01 CVE-2009-3736	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	libtool
Definition Synopsis:
Oracle Linux 5.x rpm test libtool is earlier than 0:1.5.22-7.el5_4 AND libtool-ltdl is earlier than 0:1.5.22-7.el5_4 AND libtool-ltdl-devel is earlier than 0:1.5.22-7.el5_4

Definition Id: oval:org.mitre.oval:def:23036

Oval ID:	oval:org.mitre.oval:def:23036
Title:	ELSA-2010:0039: gcc and gcc4 security update (Moderate)
Description:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0039-01 CVE-2009-3736	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	gcc gcc4
Definition Synopsis:
Oracle Linux 5.x rpm test gcc-objc++ is earlier than 0:4.1.2-46.el5_4.2 AND libgfortran is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-src is earlier than 0:4.1.2-46.el5_4.2 AND libmudflap is earlier than 0:4.1.2-46.el5_4.2 AND gcc-gfortran is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-devel is earlier than 0:4.1.2-46.el5_4.2 AND libgcc is earlier than 0:4.1.2-46.el5_4.2 AND cpp is earlier than 0:4.1.2-46.el5_4.2 AND gcc-gnat is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++ is earlier than 0:4.1.2-46.el5_4.2 AND libmudflap-devel is earlier than 0:4.1.2-46.el5_4.2 AND gcc-objc is earlier than 0:4.1.2-46.el5_4.2 AND gcc-c++ is earlier than 0:4.1.2-46.el5_4.2 AND gcc is earlier than 0:4.1.2-46.el5_4.2 AND gcc-java is earlier than 0:4.1.2-46.el5_4.2 AND libgnat is earlier than 0:4.1.2-46.el5_4.2 AND libgcj is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++-devel is earlier than 0:4.1.2-46.el5_4.2 AND libobjc is earlier than 0:4.1.2-46.el5_4.2

Definition Id: oval:org.mitre.oval:def:29283

Oval ID:	oval:org.mitre.oval:def:29283
Title:	RHSA-2009:1646 -- libtool security update (Moderate)
Description:	Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1646 CESA-2009:1646-CentOS 3 CESA-2009:1646-CentOS 5 CVE-2009-3736	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5	Product(s):	libtool
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section libtool is earlier than 0:1.5.22-7.el5_4 AND libtool-ltdl-devel is earlier than 0:1.5.22-7.el5_4 AND libtool-ltdl is earlier than 0:1.5.22-7.el5_4 AND Red Hat Enterprise Linux 3 release section The operating system installed on the system is Red Hat Enterprise Linux 3 Packages match section libtool is earlier than 0:1.4.3-7 AND libtool-libs is earlier than 0:1.4.3-7 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section libtool is earlier than 0:1.5.6-5.el4_8 AND libtool-libs is earlier than 0:1.5.6-5.el4_8

Definition Id: oval:org.mitre.oval:def:29320

Oval ID:	oval:org.mitre.oval:def:29320
Title:	RHSA-2009:1428 -- xmlsec1 security update (Moderate)
Description:	Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated (as documented in RFC 2104).
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1428 CESA-2009:1428-CentOS 5 CVE-2009-0217	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5	Product(s):	xmlsec1
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section xmlsec1-devel is earlier than 0:1.2.9-8.1.1 AND xmlsec1-gnutls-devel is earlier than 0:1.2.9-8.1.1 AND xmlsec1-nss-devel is earlier than 0:1.2.9-8.1.1 AND xmlsec1-openssl-devel is earlier than 0:1.2.9-8.1.1 AND xmlsec1 is earlier than 0:1.2.9-8.1.1 AND xmlsec1-gnutls is earlier than 0:1.2.9-8.1.1 AND xmlsec1-nss is earlier than 0:1.2.9-8.1.1 AND xmlsec1-openssl is earlier than 0:1.2.9-8.1.1 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section xmlsec1 is earlier than 0:1.2.6-3.1 AND xmlsec1-devel is earlier than 0:1.2.6-3.1 AND xmlsec1-openssl is earlier than 0:1.2.6-3.1 AND xmlsec1-openssl-devel is earlier than 0:1.2.6-3.1

Definition Id: oval:org.mitre.oval:def:6951

Oval ID:	oval:org.mitre.oval:def:6951
Title:	GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
Description:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3736	Version:	6
Platform(s):	VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201005407-SG is not installed

Definition Id: oval:org.mitre.oval:def:7158

Oval ID:	oval:org.mitre.oval:def:7158
Title:	XML Signature HMAC Truncation Authentication Bypass Vulnerability
Description:	The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-0217	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):	Microsoft .NET Framework
Definition Synopsis:
.NET Framework 1.1 SP1 For OS Check Microsoft Windows 2000 is installed AND Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft .NET Framework 1.1 Service Pack 1 is Installed AND the version of Mscorlib.dll is less than 1.1.4322.2463 OR .NET Framework 1.1 Service Pack 1 Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft .NET Framework 1.1 Service Pack 1 is Installed AND the version of System.Security.dll is less than 1.1.4322.2460 OR .NET Framework 3.5 For OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft .NET Framework 3.5 Original Release is installed AND System.web.dll version is less than 2.0.50727.1878 OR .NET Framework 2.0 SP2 or 3.5 SP1 For OS Check Microsoft Windows 2000 is installed AND Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Check for Microsoft .NET Framework 2.0 Service Pack 2 or 3.5 SP1 Microsoft .NET Framework 2.0 Service Pack 2 is installed AND Microsoft .NET Framework 3.5 SP1 is installed AND Check for GDR and LDR versions the version of System.Security.dll is less than 2.0.50727.3613 OR Check for LDR version Check if System.Security.dll version is greater than or equal to 2.0.50727.4000 AND Check if System.Security.dll version is less than 2.0.50727.4434 OR .NET Framework 3.5 For OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft .NET Framework 3.5 Original Release is installed AND the version of System.Security.dll is less than 2.0.50727.1879 OR .NET Framework 3.5 SP1 on Vista x86/x64, Windows Server 2008 x86/x64/ia64 For OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft .NET Framework 3.5 SP1 is installed AND Check for GDR and LDR versions the version of system.security.dll is less than 2.0.50727.4204 OR Check for LDR versions Check if System.Security.dll version is greater than or equal to 2.0.50727.4300 AND Check if System.Security.dll version is less than 2.0.50727.4434 OR Microsoft .NET Framework 3.5.1 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 For OS Check Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft .NET Framework 3.5 SP1 is installed AND Check for GDR and LDR versions the version of system.security.dll is less than 2.0.50727.4951 OR Check for LDR versions Check if System.Security.dll version is greater than or equal to 2.0.50727.5000 AND Check if system.security.dll version is less than 2.0.50727.5007

Definition Id: oval:org.mitre.oval:def:7481

Oval ID:	oval:org.mitre.oval:def:7481
Title:	DSA-1958 libtool -- privilege escalation
Description:	It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.
Family:	unix	Class:	patch
Reference(s):	DSA-1958 CVE-2009-3736	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	libtool
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND libtool-doc is earlier than 1.5.26-4+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libltdl3 is earlier than 1.5.26-4+lenny1 AND libltdl3-dev is earlier than 1.5.26-4+lenny1 AND libtool is earlier than 1.5.26-4+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND libtool-doc is earlier than 1.5.22-4+etch1 AND libltdl3 is earlier than 1.5.22-4+etch1 AND libltdl3-dev is earlier than 1.5.22-4+etch1 AND libtool is earlier than 1.5.22-4+etch1

Definition Id: oval:org.mitre.oval:def:7932

Oval ID:	oval:org.mitre.oval:def:7932
Title:	DSA-1849 xml-security-c -- design flaw
Description:	It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.
Family:	unix	Class:	patch
Reference(s):	DSA-1849 CVE-2009-0217	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	xml-security-c
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libxml-security-c-dev is earlier than 1.4.0-3+lenny2 AND libxml-security-c14 is earlier than 1.4.0-3+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND libxml-security-c-doc is earlier than 1.2.1-3+etch1 AND libxml-security-c12 is earlier than 1.2.1-3+etch1 AND libxml-security-c-dev is earlier than 1.2.1-3+etch1

Definition Id: oval:org.mitre.oval:def:8717

Oval ID:	oval:org.mitre.oval:def:8717
Title:	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description:	The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0217	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
IF HP Release B.11.11 AND HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk14.JDK14-IPF32 version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF32-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF64 version is less than 1.4.2.23.00 AND Jdk14.JDK14-IPF64 version is less than 1.4.2.23.00 AND Jdk14.JDK14-PA11 version is less than 1.4.2.23.00 AND Jre14.JRE14-COM version is less than 1.4.2.23.00 AND Jdk14.JDK14-PA20 version is less than 1.4.2.23.00 AND Jre14.JRE14-PA11 version is less than 1.4.2.23.00 AND Jdk14.JDK14-PA20W version is less than 1.4.2.23.00 AND Jre14.JRE14-PA11-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20 version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20W version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF64-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20W-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF32 version is less than 1.4.2.23.00 AND Jdk14.JDK14-COM version is less than 1.4.2.23.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.17.00 AND Jdk15.JDK15-IPF32 version is less than 1.5.0.17.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.17.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.17.00 AND Jre15.JRE15-COM version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.17.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.17.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.17.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.17.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.17.00 AND Jdk15.JDK15-COM version is less than 1.5.0.17.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.05.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.05.00 AND Jdk60.JDK60-COM version is less than 1.6.0.05.00 AND Jre60.JRE60-COM version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.05.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.05.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.05.00

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Libtool cpe:2.3:a:gnu:libtool:2.2.6a:::::::* cpe:2.3:a:gnu:libtool:1.5.8:::::::* cpe:2.3:a:gnu:libtool:1.5.6:::::::* cpe:2.3:a:gnu:libtool:1.5.4:::::::* cpe:2.3:a:gnu:libtool:1.5.26:::::::* cpe:2.3:a:gnu:libtool:1.5.24:::::::* cpe:2.3:a:gnu:libtool:1.5.22:::::::* cpe:2.3:a:gnu:libtool:1.5.20:::::::* cpe:2.3:a:gnu:libtool:1.5.2:::::::* cpe:2.3:a:gnu:libtool:1.5.18:::::::* cpe:2.3:a:gnu:libtool:1.5.16:::::::* cpe:2.3:a:gnu:libtool:1.5.14:::::::* cpe:2.3:a:gnu:libtool:1.5.12:::::::* cpe:2.3:a:gnu:libtool:1.5.10:::::::* cpe:2.3:a:gnu:libtool:1.5:::::::*	15
Application	Ibm Websphere Application Server cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:::::::* cpe:2.3:a:ibm:websphere_application_server:7.0:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.8:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.22:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.20:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.18:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.16:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.14:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.10:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1.0:::::::* cpe:2.3:a:ibm:websphere_application_server:6.1:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.33:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.32:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.30:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.28:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.21:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.20:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.18:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.16:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.14:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.12:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.10:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.2::fp17::::: cpe:2.3:a:ibm:websphere_application_server:6.0.1.9:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.1.17:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.1.15:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.1.13:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.1.11:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.1:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:::::::* cpe:2.3:a:ibm:websphere_application_server:6.0:::::::*	70
Application	Mono Project Mono cpe:2.3:a:mono_project:mono:2.0:::::::* cpe:2.3:a:mono_project:mono:1.9:::::::* cpe:2.3:a:mono_project:mono:1.2.6:::::::* cpe:2.3:a:mono_project:mono:1.2.5:::::::* cpe:2.3:a:mono_project:mono:1.2.4:::::::* cpe:2.3:a:mono_project:mono:1.2.3:::::::* cpe:2.3:a:mono_project:mono:1.2.2:::::::* cpe:2.3:a:mono_project:mono:1.2.1:::::::*	8
Application	Oracle Application Server cpe:2.3:a:oracle:application_server:10.1.4.3im:::::::* cpe:2.3:a:oracle:application_server:10.1.3.4:::::::* cpe:2.3:a:oracle:application_server:10.1.2.3:::::::*	3
Application	Oracle Bea Product Suite cpe:2.3:a:oracle:bea_product_suite:10.3:::::::* cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:::::: cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:::::: cpe:2.3:a:oracle:bea_product_suite:9.1:::::::* cpe:2.3:a:oracle:bea_product_suite:9.0:::::::* cpe:2.3:a:oracle:bea_product_suite:8.1:sp6::::::	6
Application	Oracle Weblogic Server Component cpe:2.3:a:oracle:weblogic_server_component:10.3:::::::* cpe:2.3:a:oracle:weblogic_server_component:10.0:mp1:::::: cpe:2.3:a:oracle:weblogic_server_component:9.2:mp3:::::: cpe:2.3:a:oracle:weblogic_server_component:9.1:::::::* cpe:2.3:a:oracle:weblogic_server_component:9.0:::::::* cpe:2.3:a:oracle:weblogic_server_component:8.1:sp6::::::	6

OpenVAS Exploits

Date	Description
2012-08-10	Name : Gentoo Security Advisory GLSA 201206-13 (mono mono-debugger) File : nvt/glsa_201206_13.nasl
2012-04-16	Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09	Name : CentOS Update for java CESA-2009:1201 centos5 i386 File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl
2011-08-09	Name : CentOS Update for xmlsec1 CESA-2009:1428 centos4 i386 File : nvt/gb_CESA-2009_1428_xmlsec1_centos4_i386.nasl
2011-08-09	Name : CentOS Update for cpp CESA-2010:0039 centos5 i386 File : nvt/gb_CESA-2010_0039_cpp_centos5_i386.nasl
2011-08-09	Name : CentOS Update for libtool CESA-2009:1646 centos5 i386 File : nvt/gb_CESA-2009_1646_libtool_centos5_i386.nasl
2011-08-09	Name : CentOS Update for libtool CESA-2009:1646 centos4 i386 File : nvt/gb_CESA-2009_1646_libtool_centos4_i386.nasl
2011-08-09	Name : CentOS Update for libtool CESA-2009:1646 centos3 i386 File : nvt/gb_CESA-2009_1646_libtool_centos3_i386.nasl
2011-08-09	Name : CentOS Update for xmlsec1 CESA-2009:1428 centos5 i386 File : nvt/gb_CESA-2009_1428_xmlsec1_centos5_i386.nasl
2011-03-07	Name : Fedora Update for q FEDORA-2011-1967 File : nvt/gb_fedora_2011_1967_q_fc14.nasl
2011-03-07	Name : Fedora Update for q FEDORA-2011-1958 File : nvt/gb_fedora_2011_1958_q_fc13.nasl
2010-07-12	Name : Fedora Update for libtool FEDORA-2010-10640 File : nvt/gb_fedora_2010_10640_libtool_fc12.nasl
2010-07-12	Name : Fedora Update for gcc FEDORA-2010-10640 File : nvt/gb_fedora_2010_10640_gcc_fc12.nasl
2010-06-09	Name : Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343) File : nvt/secpod_ms10-041.nasl
2010-05-28	Name : Mandriva Update for openoffice.org MDVSA-2010:105 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_105.nasl
2010-05-28	Name : Fedora Update for libprelude FEDORA-2010-8756 File : nvt/gb_fedora_2010_8756_libprelude_fc12.nasl
2010-05-28	Name : Java for Mac OS X 10.5 Update 5 File : nvt/macosx_java_for_10_5_upd_5.nasl
2010-05-07	Name : Mandriva Update for openoffice.org MDVSA-2010:091 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_091.nasl
2010-04-16	Name : Mandriva Update for openoffice.org MDVSA-2010:075 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_075.nasl
2010-04-06	Name : Fedora Update for hamlib FEDORA-2010-4407 File : nvt/gb_fedora_2010_4407_hamlib_fc12.nasl
2010-04-06	Name : Fedora Update for hamlib FEDORA-2010-4352 File : nvt/gb_fedora_2010_4352_hamlib_fc11.nasl
2010-03-22	Name : SuSE Update for OpenOffice_org SUSE-SA:2010:017 File : nvt/gb_suse_2010_017.nasl
2010-03-22	Name : Mandriva Update for lvm2 MDVA-2010:105 (lvm2) File : nvt/gb_mandriva_MDVA_2010_105.nasl
2010-03-22	Name : Fedora Update for gnu-smalltalk FEDORA-2010-4392 File : nvt/gb_fedora_2010_4392_gnu-smalltalk_fc11.nasl
2010-03-22	Name : Fedora Update for gnu-smalltalk FEDORA-2010-4339 File : nvt/gb_fedora_2010_4339_gnu-smalltalk_fc12.nasl
2010-03-22	Name : Fedora Update for esorex FEDORA-2010-3314 File : nvt/gb_fedora_2010_3314_esorex_fc11.nasl
2010-03-22	Name : Fedora Update for esorex FEDORA-2010-3216 File : nvt/gb_fedora_2010_3216_esorex_fc12.nasl
2010-03-16	Name : FreeBSD Ports: openoffice.org File : nvt/freebsd_openoffice.org.nasl
2010-03-12	Name : Mandriva Update for slib MDVA-2010:091 (slib) File : nvt/gb_mandriva_MDVA_2010_091.nasl
2010-03-12	Name : Mandriva Update for openoffice.org MDVSA-2010:056 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_056.nasl
2010-03-02	Name : Fedora Update for mingw32-libltdl FEDORA-2010-2943 File : nvt/gb_fedora_2010_2943_mingw32-libltdl_fc11.nasl
2010-03-02	Name : Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin) File : nvt/gb_mandriva_MDVA_2010_075.nasl
2010-03-02	Name : Ubuntu Update for openoffice.org vulnerabilities USN-903-1 File : nvt/gb_ubuntu_USN_903_1.nasl
2010-03-02	Name : Fedora Update for mingw32-libltdl FEDORA-2010-2341 File : nvt/gb_fedora_2010_2341_mingw32-libltdl_fc12.nasl
2010-03-02	Name : Fedora Update for gambas FEDORA-2010-1924 File : nvt/gb_fedora_2010_1924_gambas_fc11.nasl
2010-03-02	Name : Fedora Update for gambas FEDORA-2010-1872 File : nvt/gb_fedora_2010_1872_gambas_fc12.nasl
2010-03-02	Name : Fedora Update for gnash FEDORA-2010-1833 File : nvt/gb_fedora_2010_1833_gnash_fc11.nasl
2010-03-02	Name : Fedora Update for gnash FEDORA-2010-1820 File : nvt/gb_fedora_2010_1820_gnash_fc12.nasl
2010-02-15	Name : Mandriva Update for openoffice.org MDVSA-2010:035 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_035.nasl
2010-02-15	Name : Mandriva Update for samba MDVA-2010:056 (samba) File : nvt/gb_mandriva_MDVA_2010_056.nasl
2010-01-19	Name : CentOS Update for cpp CESA-2010:0039 centos4 i386 File : nvt/gb_CESA-2010_0039_cpp_centos4_i386.nasl
2010-01-19	Name : CentOS Update for cpp CESA-2010:0039 centos3 x86_64 File : nvt/gb_CESA-2010_0039_cpp_centos3_x86_64.nasl
2010-01-19	Name : CentOS Update for cpp CESA-2010:0039 centos3 i386 File : nvt/gb_CESA-2010_0039_cpp_centos3_i386.nasl
2010-01-19	Name : RedHat Update for gcc and gcc4 RHSA-2010:0039-01 File : nvt/gb_RHSA-2010_0039-01_gcc_and_gcc4.nasl
2010-01-19	Name : CentOS Update for cpp CESA-2010:0039 centos4 x86_64 File : nvt/gb_CESA-2010_0039_cpp_centos4_x86_64.nasl
2009-12-30	Name : Fedora Core 12 FEDORA-2009-12562 (libtool) File : nvt/fcore_2009_12562.nasl
2009-12-30	Name : Fedora Core 11 FEDORA-2009-12725 (libtool) File : nvt/fcore_2009_12725.nasl
2009-12-30	Name : Fedora Core 12 FEDORA-2009-12813 (gcc) File : nvt/fcore_2009_12813.nasl
2009-12-30	Name : Debian Security Advisory DSA 1958-1 (libtool) File : nvt/deb_1958_1.nasl
2009-12-30	Name : RedHat Security Advisory RHSA-2009:1694 File : nvt/RHSA_2009_1694.nasl
2009-12-14	Name : CentOS Security Advisory CESA-2009:1646 (libtool) File : nvt/ovcesa2009_1646.nasl
2009-12-14	Name : RedHat Security Advisory RHSA-2009:1646 File : nvt/RHSA_2009_1646.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:307-1 (libtool) File : nvt/mdksa_2009_307_1.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:318 (xmlsec1) File : nvt/mdksa_2009_318.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:322 (mono) File : nvt/mdksa_2009_322.nasl
2009-12-03	Name : FreeBSD Ports: libtool File : nvt/freebsd_libtool0.nasl
2009-11-11	Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm1.nasl
2009-10-19	Name : Mandrake Security Advisory MDVSA-2009:268 (mono) File : nvt/mdksa_2009_268.nasl
2009-10-19	Name : Mandrake Security Advisory MDVSA-2009:269 (mono) File : nvt/mdksa_2009_269.nasl
2009-10-19	Name : Mandrake Security Advisory MDVSA-2009:267 (xmlsec1) File : nvt/mdksa_2009_267.nasl
2009-09-15	Name : CentOS Security Advisory CESA-2009:1428 (xmlsec1) File : nvt/ovcesa2009_1428.nasl
2009-09-09	Name : RedHat Security Advisory RHSA-2009:1428 File : nvt/RHSA_2009_1428.nasl
2009-09-02	Name : Ubuntu USN-826-1 (mono) File : nvt/ubuntu_826_1.nasl
2009-09-02	Name : Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk) File : nvt/mdksa_2009_209.nasl
2009-08-17	Name : FreeBSD Ports: mono File : nvt/freebsd_mono0.nasl
2009-08-17	Name : Fedora Core 11 FEDORA-2009-8473 (xmlsec1) File : nvt/fcore_2009_8473.nasl
2009-08-17	Name : Fedora Core 10 FEDORA-2009-8456 (xmlsec1) File : nvt/fcore_2009_8456.nasl
2009-08-17	Name : Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk) File : nvt/fcore_2009_8337.nasl
2009-08-17	Name : Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk) File : nvt/fcore_2009_8329.nasl
2009-08-17	Name : CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1201.nasl
2009-08-17	Name : Fedora Core 11 FEDORA-2009-8157 (xml-security-c) File : nvt/fcore_2009_8157.nasl
2009-08-17	Name : Fedora Core 10 FEDORA-2009-8121 (xml-security-c) File : nvt/fcore_2009_8121.nasl
2009-08-17	Name : Debian Security Advisory DSA 1849-1 (xml-security-c) File : nvt/deb_1849_1.nasl
2009-08-17	Name : RedHat Security Advisory RHSA-2009:1201 File : nvt/RHSA_2009_1201.nasl
2009-08-17	Name : Ubuntu USN-814-1 (openjdk-6) File : nvt/ubuntu_814_1.nasl
2009-08-17	Name : RedHat Security Advisory RHSA-2009:1200 File : nvt/RHSA_2009_1200.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
60522	libtool libltdl ltdl.c Library Search Path Subversion Local Privilege Escalation
56243	W3C XML Signature Syntax and Processing (XMLDsig) HMACOutputLength Signature ...
55907	Oracle BEA WebLogic Server Web Services Package HMACOutputLength Signature Sp...
55895	Oracle Application Server Security Developer Tools HMACOutputLength Signature...

Information Assurance Vulnerability Management (IAVM)

Date	Description
2010-06-10	IAVM : 2010-B-0046 - Microsoft .NET Framework Data Tampering Vulnerability Severity : Category II - VMSKEY : V0024367

Snort® IPS/IDS

Date	Description
2014-01-10	Apache XML HMAC truncation authentication bypass attempt RuleID : 21337 - Revision : 4 - Type : SERVER-APACHE
2014-01-10	Microsoft Windows .NET framework XMLDsig data tampering attempt RuleID : 16636 - Revision : 14 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date	Description
2016-03-08	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2014-09-01	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO
2013-11-19	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1428.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1636.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1637.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1649.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1650.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090908_xmlsec1_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091208_libtool_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100113_gcc_and_gcc4_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-06-22	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-13.nasl - Type : ACT_GATHER_INFO
2012-01-24	Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_application_server_pci.nasl - Type : ACT_GATHER_INFO
2011-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2011-1958.nasl - Type : ACT_GATHER_INFO
2011-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2011-1967.nasl - Type : ACT_GATHER_INFO
2011-03-03	Name : The remote Fedora host is missing a security update. File : fedora_2011-1990.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_OpenOffice_org-6883.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_OpenOffice_org-6884.nasl - Type : ACT_GATHER_INFO
2011-01-21	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_OpenOffice_org-100225.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtool-6683.nasl - Type : ACT_GATHER_INFO
2010-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-269.nasl - Type : ACT_GATHER_INFO
2010-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-035.nasl - Type : ACT_GATHER_INFO
2010-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-075.nasl - Type : ACT_GATHER_INFO
2010-07-07	Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-10640.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-1820.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-1833.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-1872.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-1924.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-2341.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-2943.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-3216.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-3314.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4098.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4339.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4340.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4352.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4392.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4407.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-8756.nasl - Type : ACT_GATHER_INFO
2010-06-09	Name : It is possible to tamper with signed XML content without being detected on th... File : smb_nt_ms10-041.nasl - Type : ACT_GATHER_INFO
2010-06-01	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-05-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-105.nasl - Type : ACT_GATHER_INFO
2010-03-17	Name : The remote openSUSE host is missing a security update. File : suse_11_0_OpenOffice_org-100211.nasl - Type : ACT_GATHER_INFO
2010-03-17	Name : The remote openSUSE host is missing a security update. File : suse_11_1_OpenOffice_org-base-drivers-postgresql-100211.nasl - Type : ACT_GATHER_INFO
2010-03-17	Name : The remote openSUSE host is missing a security update. File : suse_11_2_OpenOffice_org-base-drivers-postgresql-100216.nasl - Type : ACT_GATHER_INFO
2010-03-16	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_OpenOffice_org-100226.nasl - Type : ACT_GATHER_INFO
2010-03-08	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-056.nasl - Type : ACT_GATHER_INFO
2010-03-01	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c97d7a37223311df96dd001b2134ef46.nasl - Type : ACT_GATHER_INFO
2010-03-01	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12554.nasl - Type : ACT_GATHER_INFO
2010-02-25	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-903-1.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1849.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1958.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1995.nasl - Type : ACT_GATHER_INFO
2010-02-12	Name : The remote Windows host has a program affected by multiple buffer overflows. File : openoffice_32.nasl - Type : ACT_GATHER_INFO
2010-01-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2010-01-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2010-01-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2010-01-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-100105.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libltdl-3-091202.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libltdl7-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtool-6678.nasl - Type : ACT_GATHER_INFO
2009-12-30	Name : The remote Fedora host is missing a security update. File : fedora_2009-12562.nasl - Type : ACT_GATHER_INFO
2009-12-30	Name : The remote Fedora host is missing a security update. File : fedora_2009-12813.nasl - Type : ACT_GATHER_INFO
2009-12-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO
2009-12-22	Name : The remote Fedora host is missing a security update. File : fedora_2009-12725.nasl - Type : ACT_GATHER_INFO
2009-12-09	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2009-12-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2009-12-08	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-322.nasl - Type : ACT_GATHER_INFO
2009-12-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-318.nasl - Type : ACT_GATHER_INFO
2009-12-01	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-307.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_77c14729dc5e11de92ae02e0184b8d35.nasl - Type : ACT_GATHER_INFO
2009-11-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO
2009-10-13	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-268.nasl - Type : ACT_GATHER_INFO
2009-10-12	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-267.nasl - Type : ACT_GATHER_INFO
2009-09-09	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1428.nasl - Type : ACT_GATHER_INFO
2009-09-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1428.nasl - Type : ACT_GATHER_INFO
2009-09-03	Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update5.nasl - Type : ACT_GATHER_INFO
2009-08-31	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090826.nasl - Type : ACT_GATHER_INFO
2009-08-31	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090827.nasl - Type : ACT_GATHER_INFO
2009-08-27	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-826-1.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-209.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO
2009-08-12	Name : The remote Fedora host is missing a security update. File : fedora_2009-8456.nasl - Type : ACT_GATHER_INFO
2009-08-12	Name : The remote Fedora host is missing a security update. File : fedora_2009-8473.nasl - Type : ACT_GATHER_INFO
2009-08-11	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO
2009-08-10	Name : The remote Fedora host is missing a security update. File : fedora_2009-8337.nasl - Type : ACT_GATHER_INFO
2009-08-07	Name : The remote Fedora host is missing a security update. File : fedora_2009-8329.nasl - Type : ACT_GATHER_INFO
2009-08-07	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO
2009-08-01	Name : The remote Fedora host is missing a security update. File : fedora_2009-8121.nasl - Type : ACT_GATHER_INFO
2009-08-01	Name : The remote Fedora host is missing a security update. File : fedora_2009-8157.nasl - Type : ACT_GATHER_INFO
2009-07-30	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_708c65a57c5811dea9940030843d3802.nasl - Type : ACT_GATHER_INFO
2009-06-03	Name : The remote host is missing Sun Security Patch number 141709-03 File : solaris10_141709.nasl - Type : ACT_GATHER_INFO
2009-06-03	Name : The remote host is missing Sun Security Patch number 141710-03 File : solaris10_x86_141710.nasl - Type : ACT_GATHER_INFO
2009-06-03	Name : The remote host is missing Sun Security Patch number 141709-03 File : solaris9_141709.nasl - Type : ACT_GATHER_INFO
2009-06-03	Name : The remote host is missing Sun Security Patch number 141710-03 File : solaris9_x86_141710.nasl - Type : ACT_GATHER_INFO
2009-01-19	Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris10_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19	Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO
2009-01-19	Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris9_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19	Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris10_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris8_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris9_125136.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:41:03	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	15
CPE ID(s)	108
osvdb(s)	4
Openvas Exploit(s)	76
IAVM(s)	1
Snort® Rule(s)	2
Nessus® Exploit(s)	113

	Related
6.9	CVE-2009-3736
5	VU#466161
5	CVE-2009-0217
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

6.9 - MDVSA-2009:318

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU