Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Information

Name: MDVSA-2013:150
Vendor: Mandriva
Severity (Vendor): N/A
First vendor Publication: 2013-04-22
Last vendor Modification: 2013-04-22
Revision: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Base Score: 10        Attack Range: Network
CVSS Impact Score: 10      Attack Complexity: Low
CVSS Exploit Score: 10     Authentication: None Required

Detail

Multiple unspecified vulnerabilities have been found and corrected in mysql. Please read the Oracle Critical Patch Updates pages for further information.

The updated packages provide the latest supported mysql version from the 5.1.x branch (5.1.69).

Additionally, the mysql 5.0 client libraries are also provided to maintain compatibility where needed.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

CWE : Common Weakness Enumeration

%      Id        Name
24 %   CWE-20    Improper Input Validation
18 %   CWE-399   Resource Management Errors
12 %   CWE-189   Numeric Errors (CWE/SANS Top 25)
12 %   CWE-119   Failure to Constrain Operations within the Bounds of a Memory Buffer
9 %    CWE-89    Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
6 %    CWE-287   Improper Authentication
6 %    CWE-264   Permissions, Privileges, and Access Controls
6 %    CWE-200   Information Exposure
3 %    CWE-59    Improper Link Resolution Before File Access ('Link Following')
3 %    CWE-16    Configuration

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:15568
Title: Oracle Outside In contains multiple exploitable vulnerabilities - VIII
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1773
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft FAST Search Server 2010 for SharePoint

Oval ID: oval:org.mitre.oval:def:8261
Title: Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
Description: mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1191
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache

Oval ID: oval:org.mitre.oval:def:15812
Title: Oracle Outside In contains multiple exploitable vulnerabilities - II
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1767
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft FAST Search Server 2010 for SharePoint

Oval ID: oval:org.mitre.oval:def:21317
Title: RHSA-2012:0105: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Family: unix Class: patch
Reference(s): RHSA-2012:0105-01
CESA-2012:0105
CVE-2011-2262
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0112
CVE-2012-0113
CVE-2012-0114
CVE-2012-0115
CVE-2012-0116
CVE-2012-0118
CVE-2012-0119
CVE-2012-0120
CVE-2012-0484
CVE-2012-0485
CVE-2012-0490
CVE-2012-0492
CVE-2012-0583
Version: 237
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql

Oval ID: oval:org.mitre.oval:def:23683
Title: ELSA-2012:0105: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Family: unix Class: patch
Reference(s): ELSA-2012:0105-01
CVE-2011-2262
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0112
CVE-2012-0113
CVE-2012-0114
CVE-2012-0115
CVE-2012-0116
CVE-2012-0118
CVE-2012-0119
CVE-2012-0120
CVE-2012-0484
CVE-2012-0485
CVE-2012-0490
CVE-2012-0492
CVE-2012-0583
Version: 77
Platform(s): Oracle Linux 6
Product(s): mysql

Oval ID: oval:org.mitre.oval:def:16011
Title: Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JAX-WS) 7 Update 17 and before. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2415
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment

Oval ID: oval:org.mitre.oval:def:27353
Title: DEPRECATED: ELSA-2013-0770 -- java-1.6.0-openjdk security update (important)
Description: [1:1.6.0.0-1.61.1.11.11] added and applied (temporarily) patch10 fixToFontSecurityFix.patch, fixing a regression in fonts introduced by one security patch (resolves rhbz#950386). [1:1.6.0.0-1.60.1.11.11] added and applied (temporarily) one more patch to xalan/xerces privileges, patch9 jaxp-backport-factoryfinder.patch, which will be upstreamed (resolves rhbz#950386). [1:1.6.0.0-1.59.1.11.11] updated to icedtea6 1.11.11; fixed xalan/xerces privileges; removed patch 8, removingOfAarch64.patch.patch, fixed upstream (resolves rhbz#950386). [1:1.6.0.0-1.58.1.11.10] updated to icedtea6 1.11.10; rewrote java-1.6.0-openjdk-java-access-bridge-security.patch; excluded aarch64.patch by patch 8, removingOfAarch64.patch.patch (resolves rhbz#950386).
Family: unix Class: patch
Reference(s): ELSA-2013-0770
CVE-2013-2420
CVE-2013-2422
CVE-2013-2429
CVE-2013-2431
CVE-2013-1537
CVE-2013-2419
CVE-2013-2421
CVE-2013-2424
CVE-2013-2426
CVE-2013-2430
CVE-2013-0401
CVE-2013-1518
CVE-2013-2383
CVE-2013-1488
CVE-2013-1558
CVE-2013-1569
CVE-2013-2417
CVE-2013-1557
CVE-2013-2384
CVE-2013-2415
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk

Oval ID: oval:org.mitre.oval:def:18829
Title: CRITICAL PATCH UPDATE OCTOBER 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3199
Version: 3
Platform(s): Sun Solaris 10
Product(s):

Oval ID: oval:org.mitre.oval:def:15724
Title: Oracle Outside In contains multiple exploitable vulnerabilities - I
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1766
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft FAST Search Server 2010 for SharePoint

Oval ID: oval:org.mitre.oval:def:19124
Title: CRITICAL PATCH UPDATE APRIL 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0408
Version: 3
Platform(s): Sun Solaris 10
Product(s):

Oval ID: oval:org.mitre.oval:def:19192
Title: CRITICAL PATCH UPDATE APRIL 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1530
Version: 3
Platform(s): Sun Solaris 10
Product(s):

Oval ID: oval:org.mitre.oval:def:19352
Title: CRITICAL PATCH UPDATE APRIL 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0405
Version: 3
Platform(s): Sun Solaris 10
Product(s):

Oval ID: oval:org.mitre.oval:def:19650
Title: CRITICAL PATCH UPDATE JULY 2012
Description: The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host.
Family: unix Class: vulnerability
Reference(s): CVE-2001-0323
Version: 3
Platform(s): Sun Solaris 10
Product(s):

Oval ID: oval:org.mitre.oval:def:16267
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0385
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5

Oval ID: oval:org.mitre.oval:def:15249
Title: DSA-2359-1 mojarra -- EL injection
Description: It was discovered that Mojarra, an implementation of JavaServer Faces, evaluates untrusted values as EL expressions if includeViewParameters is set to true.
Family: unix Class: patch
Reference(s): DSA-2359-1
CVE-2011-4358
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): mojarra

Oval ID: oval:org.mitre.oval:def:20971
Title: RHSA-2013:0772: mysql security update (Important)
Description: Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: unix Class: patch
Reference(s): RHSA-2013:0772-01
CESA-2013:0772
CVE-2012-5614
CVE-2013-1506
CVE-2013-1521
CVE-2013-1531
CVE-2013-1532
CVE-2013-1544
CVE-2013-1548
CVE-2013-1552
CVE-2013-1555
CVE-2013-2375
CVE-2013-2378
CVE-2013-2389
CVE-2013-2391
CVE-2013-2392
Version: 199
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql

Oval ID: oval:org.mitre.oval:def:18467
Title: DSA-2667-1 mysql-5.5 - several
Description: Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.31, which includes additional changes, such as performance improvements and corrections for data loss defects.
Family: unix Class: patch
Reference(s): DSA-2667-1
CVE-2013-1502
CVE-2013-1511
CVE-2013-1532
CVE-2013-1544
CVE-2013-2375
CVE-2013-2376
CVE-2013-2389
CVE-2013-2391
CVE-2013-2392
Version: 8
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): mysql-5.5

Oval ID: oval:org.mitre.oval:def:18379
Title: USN-1807-2 -- mysql-5.5 vulnerabilities
Description: Several security issues were fixed in MySQL.
Family: unix Class: patch
Reference(s): USN-1807-2
CVE-2012-0553
CVE-2013-1492
CVE-2013-1502
CVE-2013-1506
CVE-2013-1511
CVE-2013-1512
CVE-2013-1521
CVE-2013-1523
CVE-2013-1526
CVE-2013-1532
CVE-2013-1544
CVE-2013-1552
CVE-2013-1555
CVE-2013-1623
CVE-2013-2375
CVE-2013-2376
CVE-2013-2378
CVE-2013-2389
CVE-2013-2391
CVE-2013-2392
Version: 7
Platform(s): Ubuntu 13.04
Product(s): mysql-5.5

Oval ID: oval:org.mitre.oval:def:17129
Title: USN-1807-1 -- MySQL vulnerabilities
Description: Multiple security issues were discovered in MySQL.
Family: unix Class: patch
Reference(s): usn-1807-1
CVE-2012-0553
CVE-2013-1492
CVE-2013-1502
CVE-2013-1506
CVE-2013-1511
CVE-2013-1512
CVE-2013-1521
CVE-2013-1523
CVE-2013-1526
CVE-2013-1532
CVE-2013-1544
CVE-2013-1552
CVE-2013-1555
CVE-2013-1623
CVE-2013-2375
CVE-2013-2376
CVE-2013-2378
CVE-2013-2389
CVE-2013-2391
CVE-2013-2392
Version: 7
Platform(s): Ubuntu 11.10
Ubuntu 12.04
Ubuntu 10.04
Ubuntu 12.10
Product(s): mysql-5.1
mysql-5.5

Oval ID: oval:org.mitre.oval:def:19612
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3123
Version: 3
Platform(s): Sun Solaris 10
Product(s):

Oval ID: oval:org.mitre.oval:def:19686
Title: HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
Description: Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3607
Version: 11
Platform(s): HP-UX 11
Product(s):

Oval ID: oval:org.mitre.oval:def:12473
Title: HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
Description: The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1955
Version: 12
Platform(s): HP-UX 11
Product(s):

Oval ID: oval:org.mitre.oval:def:10270
Title: The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
Description: The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1955
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):

Oval ID: oval:org.mitre.oval:def:16451
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0371
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5

Oval ID: oval:org.mitre.oval:def:22649
Title: Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.
Description: Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1538
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Oracle Database Server

Oval ID: oval:org.mitre.oval:def:19630
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3129
Version: 3
Platform(s): Sun Solaris 10
Product(s):

Oval ID: oval:org.mitre.oval:def:19739
Title: HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
Description: scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0031
Version: 11
Platform(s): HP-UX 11
Product(s):

Oval ID: oval:org.mitre.oval:def:19813
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3563
Version: 10
Platform(s): HP-UX 11
Product(s):

Oval ID: oval:org.mitre.oval:def:14942
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3563
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment

Oval ID: oval:org.mitre.oval:def:16202
Title: Vulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0393 - MS13-012
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0393
Version: 3
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2003
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010

Oval ID: oval:org.mitre.oval:def:20023
Title: DSA-2506-1 libapache-mod-security - modsecurity bypass
Description: Qualys Vulnerability & Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where both "Content-Disposition: attachment" and "Content-Type: multipart" were present in HTTP headers, the vulnerability could allow an attacker to bypass policy and execute cross-site scripting (XSS) attacks through properly crafted HTML documents.
Family: unix Class: patch
Reference(s): DSA-2506-1
CVE-2012-2751
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): libapache-mod-security

Oval ID: oval:org.mitre.oval:def:15747
Title: Oracle Outside In contains multiple exploitable vulnerabilities - XIII
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3110
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft FAST Search Server 2010 for SharePoint

Oval ID: oval:org.mitre.oval:def:20142
Title: DSA-2472-1 gridengine - privilege escalation
Description: Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitised before creating processes.
Family: unix Class: patch
Reference(s): DSA-2472-1
CVE-2012-0208
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): gridengine

Oval ID: oval:org.mitre.oval:def:21500
Title: RHSA-2011:0507: apr security update (Moderate)
Description: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Family: unix Class: patch
Reference(s): RHSA-2011:0507-01
CESA-2011:0507
CVE-2011-0419
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): apr

Oval ID: oval:org.mitre.oval:def:19767
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0419
Version: 3
Platform(s): Sun Solaris 10
Product(s):

Oval ID: oval:org.mitre.oval:def:14804
Title: HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0419
Version: 11
Platform(s): HP-UX 11
Product(s):

Oval ID: oval:org.mitre.oval:def:14638
Title: HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0419
Version: 12
Platform(s): HP-UX 11
Product(s):

Oval ID: oval:org.mitre.oval:def:13067
Title: DSA-2237-2 apr -- denial of service
Description: The recent APR update DSA-2237-1 introduced a regression that could lead to an endless loop in the apr_fnmatch function, causing a denial of service. This update fixes this problem. For reference, the description of the original DSA, which fixed CVE-2011-0419: A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.
Family: unix Class: patch
Reference(s): DSA-2237-2
CVE-2011-0419
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): apr

Oval ID: oval:org.mitre.oval:def:12951
Title: DSA-2237-1 apr -- denial of service
Description: A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.
Family: unix Class: patch
Reference(s): DSA-2237-1
CVE-2011-0419
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): apr

Oval ID: oval:org.mitre.oval:def:23571
Title: ELSA-2011:0507: apr security update (Moderate)
Description: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Family: unix Class: patch
Reference(s): ELSA-2011:0507-01
CVE-2011-0419
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): apr

Oval ID: oval:org.mitre.oval:def:23204
Title: DEPRECATED: ELSA-2011:0507: apr security update (Moderate)
Description: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Family: unix Class: patch
Reference(s): ELSA-2011:0507-01
CVE-2011-0419
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): apr
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19832
 
Oval ID: oval:org.mitre.oval:def:19832
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE.
Family: unix Class: vulnerability
Reference(s): CVE-2012-5085
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16654
 
Oval ID: oval:org.mitre.oval:def:16654
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5085
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19438
 
Oval ID: oval:org.mitre.oval:def:19438
Title: CRITICAL PATCH UPDATE APRIL 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1507
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16500
 
Oval ID: oval:org.mitre.oval:def:16500
Title: Oracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3214 (MS13-013)
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3214
Version: 3
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft FAST Search Server 2010 for SharePoint
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16178
 
Oval ID: oval:org.mitre.oval:def:16178
Title: Oracle Outside In Contains Multiple Exploitable Vulnerabilities-I MS12-080
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3214
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19333
 
Oval ID: oval:org.mitre.oval:def:19333
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0563
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18376
 
Oval ID: oval:org.mitre.oval:def:18376
Title: Oracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-2393 (MS13-061)
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2393
Version: 4
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21528
 
Oval ID: oval:org.mitre.oval:def:21528
Title: RHSA-2012:1551: mysql security update (Important)
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Family: unix Class: patch
Reference(s): RHSA-2012:1551-01
CESA-2012:1551
CVE-2012-5611
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21022
 
Oval ID: oval:org.mitre.oval:def:21022
Title: RHSA-2013:0180: mysql security update (Important)
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Family: unix Class: patch
Reference(s): RHSA-2013:0180-00
CESA-2013:0180
CVE-2012-2749
CVE-2012-5611
Version: 31
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18423
 
Oval ID: oval:org.mitre.oval:def:18423
Title: DSA-2581-1 mysql-5.1 - several
Description: Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes (http://dev.mysql.com/doc/refman/5.1/en/news-5-1-66.html).
Family: unix Class: patch
Reference(s): DSA-2581-1
CVE-2012-3150
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197
CVE-2012-5611
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): mysql-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17289
 
Oval ID: oval:org.mitre.oval:def:17289
Title: USN-1658-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerability
Description: MySQL could be made to run programs if it received specially crafted network traffic from an authenticated user.
Family: unix Class: patch
Reference(s): USN-1658-1
CVE-2012-5611
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): mysql-5.5
mysql-5.1
mysql-dfsg-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16395
 
Oval ID: oval:org.mitre.oval:def:16395
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5611
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23921
 
Oval ID: oval:org.mitre.oval:def:23921
Title: ELSA-2012:1551: mysql security update (Important)
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Family: unix Class: patch
Reference(s): ELSA-2012:1551-01
CVE-2012-5611
Version: 6
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23326
 
Oval ID: oval:org.mitre.oval:def:23326
Title: ELSA-2013:0180: mysql security update (Important)
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Family: unix Class: patch
Reference(s): ELSA-2013:0180-00
CVE-2012-2749
CVE-2012-5611
Version: 13
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27670
 
Oval ID: oval:org.mitre.oval:def:27670
Title: DEPRECATED: ELSA-2013-0180 -- mysql security update (important)
Description: [5.0.95-5] - Rebuild to fix wrong package tag Related: #892679 [5.0.95-4] - Add patches for CVE-2012-2122, CVE-2012-2749, CVE-2012-5611 Resolves: #892679
Family: unix Class: patch
Reference(s): ELSA-2013-0180
CVE-2012-2749
CVE-2012-5611
Version: 4
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26706
 
Oval ID: oval:org.mitre.oval:def:26706
Title: DEPRECATED: ELSA-2012-1551 -- mysql security update (important)
Description: [5.1.66-2] - Add backported patch for CVE-2012-5611 Resolves: CVE-2012-5611
Family: unix Class: patch
Reference(s): ELSA-2012-1551
CVE-2012-5611
Version: 4
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16835
 
Oval ID: oval:org.mitre.oval:def:16835
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS)
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0386
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21412
 
Oval ID: oval:org.mitre.oval:def:21412
Title: RHSA-2012:0474: tomcat5 security update (Moderate)
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: patch
Reference(s): RHSA-2012:0474-03
CESA-2012:0474
CVE-2011-4858
CVE-2012-0022
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21312
 
Oval ID: oval:org.mitre.oval:def:21312
Title: RHSA-2012:0475: tomcat6 security update (Moderate)
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: patch
Reference(s): RHSA-2012:0475-03
CESA-2012:0475
CVE-2011-4858
CVE-2012-0022
Version: 29
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20494
 
Oval ID: oval:org.mitre.oval:def:20494
Title: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0022
Version: 5
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18934
 
Oval ID: oval:org.mitre.oval:def:18934
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0022
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16925
 
Oval ID: oval:org.mitre.oval:def:16925
Title: Vulnerability in the Management Pack for Oracle GoldenGate Server. Supported versions that are affected are 11.1.1.1.0. Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0022
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Oracle GoldenGate Director
Oracle GoldenGate Veridata
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15309
 
Oval ID: oval:org.mitre.oval:def:15309
Title: DSA-2401-1 tomcat6 -- several
Description: Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. CVE-2011-2204 In rare setups passwords were written into a logfile. CVE-2011-2526 Missing input sanitising in the HTTP APR or HTTP NIO connectors could lead to denial of service. CVE-2011-3190 AJP requests could be spoofed in some setups. CVE-2011-3375 Incorrect request caching could lead to information disclosure. CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests.
Family: unix Class: patch
Reference(s): DSA-2401-1
CVE-2011-1184
CVE-2011-2204
CVE-2011-2526
CVE-2011-3190
CVE-2011-3375
CVE-2011-4858
CVE-2011-5062
CVE-2011-5063
CVE-2011-5064
CVE-2012-0022
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15018
 
Oval ID: oval:org.mitre.oval:def:15018
Title: USN-1359-1 -- Tomcat vulnerabilities
Description: tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1359-1
CVE-2011-3375
CVE-2011-4858
CVE-2012-0022
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 10.10
Product(s): Tomcat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23745
 
Oval ID: oval:org.mitre.oval:def:23745
Title: ELSA-2012:0475: tomcat6 security update (Moderate)
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: patch
Reference(s): ELSA-2012:0475-03
CVE-2011-4858
CVE-2012-0022
Version: 13
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23331
 
Oval ID: oval:org.mitre.oval:def:23331
Title: ELSA-2012:0474: tomcat5 security update (Moderate)
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: patch
Reference(s): ELSA-2012:0474-03
CVE-2011-4858
CVE-2012-0022
Version: 13
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25819
 
Oval ID: oval:org.mitre.oval:def:25819
Title: SUSE-SU-2013:1374-1 -- Security update for tomcat6
Description: This update of tomcat6 fixes: * apache-tomcat-CVE-2012-3544.patch (bnc#831119) * use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976) * Fix tomcat init scripts generating malformed classpath (http://youtrack.jetbrains.com/issue/JT-18545) bnc#804992 (patch from m407) * fix a typo in initscript (bnc#768772) * copy all shell scripts (bnc#818948)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1374-1
CVE-2012-3544
CVE-2013-1976
CVE-2012-0022
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27374
 
Oval ID: oval:org.mitre.oval:def:27374
Title: DEPRECATED: ELSA-2012-0475 -- tomcat6 security update (moderate)
Description: [0:6.0.24-36] - Resolves: CVE-2012-0022 regression. Changes made to patch file.
Family: unix Class: patch
Reference(s): ELSA-2012-0475
CVE-2011-4858
CVE-2012-0022
Version: 4
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27313
 
Oval ID: oval:org.mitre.oval:def:27313
Title: DEPRECATED: ELSA-2012-0474 -- tomcat5 security update (moderate)
Description: [0:5.5.23-0jpp.31] - Resolves: CVE-2012 regression. Changed patch file. [0:5.5.23-0jpp.30] - Resolves: CVE-2012-0022, CVE-2011-4858 [0:5.5.23-0jpp.27] - Resolves CVE-2011-0013 rhbz 675933 - Resolves CVE-2011-3718 rhbz 675933 [0:5.5.23-0jpp.23] - Resolves CVE-2011-1184 rhbz 744984 - Resolves CVE-2011-2204 rhbz 719188
Family: unix Class: patch
Reference(s): ELSA-2012-0474
CVE-2011-4858
CVE-2012-0022
Version: 4
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15668
 
Oval ID: oval:org.mitre.oval:def:15668
Title: Oracle Outside In contains multiple exploitable vulnerabilities - VI
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1771
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft FAST Search Server 2010 for SharePoint
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21346
 
Oval ID: oval:org.mitre.oval:def:21346
Title: RHSA-2012:0033: php security update (Moderate)
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: patch
Reference(s): RHSA-2012:0033-01
CESA-2012:0033
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1469
CVE-2011-2202
CVE-2011-4566
CVE-2011-4885
Version: 94
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php
Definition Synopsis:
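The Tomcat definitions above (CVE-2011-4858 and CVE-2012-0022: a request with many parameters) and the PHP ones (CVE-2011-4885: predictable hash collisions on form parameters) describe one mechanism, the hash-collision denial of service. Added example, not code from PHP, Tomcat or the OVAL definitions: it builds keys that collide under DJBX33A (the string hash of PHP's zend_hash), measures the quadratic insert cost they cause in a separate-chaining table, and applies a variable-count cap of the kind PHP 5.3.9 introduced as max_input_vars (default 1000). The table class, the key generator and the request bodies are constructed for this example; the same equivalent-substring construction works against Java's String.hashCode (multiplier 31), which is why Tomcat's fix was a parameter cap (maxParameterCount) too.

```python
"""Hash-collision denial of service against a separate-chaining hash table
keyed with DJBX33A (the string hash used by PHP's zend_hash), and the
request-size cap PHP 5.3.9 introduced as max_input_vars.
Constructed example; not PHP, Tomcat or Zend code.
"""


def djbx33a(s):
    """Bernstein's 'times 33 plus character' hash, 32-bit truncated."""
    h = 5381
    for byte in s.encode("ascii"):
        h = (h * 33 + byte) & 0xFFFFFFFF
    return h


def colliding_keys(count, blocks=("Ez", "FY")):
    """Return `count` distinct keys sharing one DJBX33A value.

    "Ez" and "FY" hash equal (69*33+122 == 70*33+89), and DJBX33A is a
    polynomial in 33, so any concatenation of k such blocks collides with
    every other: 2**k keys from k blocks, no brute force needed."""
    assert djbx33a(blocks[0]) == djbx33a(blocks[1])
    k = max(1, (count - 1).bit_length())          # smallest k with 2**k >= count
    return ["".join(blocks[(i >> j) & 1] for j in range(k)) for i in range(count)]


class ChainingTable:
    """Minimal separate-chaining table; `probes` counts key comparisons
    made on insert, which is where collisions turn O(n) into O(n^2)."""

    def __init__(self, size=1 << 16, hash_fn=djbx33a):
        self.buckets = [[] for _ in range(size)]
        self.hash_fn = hash_fn
        self.probes = 0
        self.count = 0

    def insert(self, key, value):
        bucket = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for entry in bucket:                    # linear scan of the chain
            self.probes += 1
            if entry[0] == key:
                entry[1] = value
                return
        bucket.append([key, value])
        self.count += 1

    def __len__(self):
        return self.count


def insert_cost(keys):
    """Total key comparisons needed to insert `keys` into an empty table."""
    table = ChainingTable()
    for key in keys:
        table.insert(key, "1")
    return table.probes


def parse_form(body, max_input_vars=1000):
    """Load a form body into a ChainingTable, enforcing a variable-count cap
    the way PHP >= 5.3.9 does with max_input_vars (default 1000): pairs past
    the cap are dropped before they are hashed. Keys are assumed already
    URL-safe (no percent-decoding here). Returns (table, dropped_count)."""
    table, dropped = ChainingTable(), 0
    for i, pair in enumerate(body.split("&")):
        if max_input_vars is not None and i >= max_input_vars:
            dropped += 1
            continue
        key, _, value = pair.partition("=")
        table.insert(key, value)
    return table, dropped


def demo(n=2048):
    """Cost of one hostile request with and without the cap, beside a benign
    request of the same size (constructed bodies)."""
    hostile = "&".join(k + "=1" for k in colliding_keys(n))
    benign = "&".join("field%d=1" % i for i in range(n))
    uncapped, _ = parse_form(hostile, max_input_vars=None)
    capped, dropped = parse_form(hostile)
    normal, _ = parse_form(benign, max_input_vars=None)
    return {"hostile_uncapped_probes": uncapped.probes,
            "hostile_capped_probes": capped.probes, "dropped": dropped,
            "benign_probes": normal.probes}


if __name__ == "__main__":
    print(demo())
```

A 2048-parameter hostile body costs n(n-1)/2 comparisons uncapped, the benign body of the same size a few dozen, and the cap bounds the hostile case to a constant worst case regardless of request size. The cap treats the symptom; randomizing the hash seed per process, which several runtimes adopted later, removes the attacker's ability to predict collisions at all.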
Definition Id: oval:org.mitre.oval:def:21336
 
Oval ID: oval:org.mitre.oval:def:21336
Title: RHSA-2012:0019: php53 and php security update (Moderate)
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: patch
Reference(s): RHSA-2012:0019-01
CESA-2012:0019
CVE-2011-4566
CVE-2011-4885
Version: 29
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19791
 
Oval ID: oval:org.mitre.oval:def:19791
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: vulnerability
Reference(s): CVE-2011-4885
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23589
 
Oval ID: oval:org.mitre.oval:def:23589
Title: ELSA-2012:0019: php53 and php security update (Moderate)
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: patch
Reference(s): ELSA-2012:0019-01
CVE-2011-4566
CVE-2011-4885
Version: 13
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23207
 
Oval ID: oval:org.mitre.oval:def:23207
Title: ELSA-2012:0033: php security update (Moderate)
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: patch
Reference(s): ELSA-2012:0033-01
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1469
CVE-2011-2202
CVE-2011-4566
CVE-2011-4885
Version: 33
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23205
 
Oval ID: oval:org.mitre.oval:def:23205
Title: DEPRECATED: ELSA-2012:0019: php53 and php security update (Moderate)
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: patch
Reference(s): ELSA-2012:0019-01
CVE-2011-4566
CVE-2011-4885
Version: 14
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27760
 
Oval ID: oval:org.mitre.oval:def:27760
Title: DEPRECATED: ELSA-2012-0019 -- php53 and php security update (moderate)
Description: [5.3.3-3.5] - remove extra php.ini-prod/devel files caused by %patch -b [5.3.3-3.4] - add security fixes for CVE-2011-4885, CVE-2011-4566 (#769754)
Family: unix Class: patch
Reference(s): ELSA-2012-0019
CVE-2011-4566
CVE-2011-4885
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19773
 
Oval ID: oval:org.mitre.oval:def:19773
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3124
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17266
 
Oval ID: oval:org.mitre.oval:def:17266
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0574
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19861
 
Oval ID: oval:org.mitre.oval:def:19861
Title: DSA-2508-1 kfreebsd-8 - privilege escalation
Description: Rafal Wojtczuk from Bromium discovered that FreeBSD did not correctly handle non-canonical return addresses on Intel amd64 CPUs, allowing local users to escalate privileges to the kernel.
Family: unix Class: patch
Reference(s): DSA-2508-1
CVE-2012-0217
Version: 5
Platform(s): Debian GNU/kFreeBSD 6.0
Product(s): kfreebsd-8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19281
 
Oval ID: oval:org.mitre.oval:def:19281
Title: CRITICAL PATCH UPDATE OCTOBER 2012
Description: The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0217
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15596
 
Oval ID: oval:org.mitre.oval:def:15596
Title: User Mode Scheduler Memory Corruption Vulnerability (CVE-2012-0217)
Description: The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0217
Version: 8
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19399
 
Oval ID: oval:org.mitre.oval:def:19399
Title: CRITICAL PATCH UPDATE APRIL 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0568
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19542
 
Oval ID: oval:org.mitre.oval:def:19542
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3131
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16877
 
Oval ID: oval:org.mitre.oval:def:16877
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5096
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22131
 
Oval ID: oval:org.mitre.oval:def:22131
Title: RHSA-2010:0659: httpd security and bug fix update (Moderate)
Description: mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
Family: unix Class: patch
Reference(s): RHSA-2010:0659-01
CESA-2010:0659
CVE-2010-1452
CVE-2010-2791
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22935
 
Oval ID: oval:org.mitre.oval:def:22935
Title: ELSA-2010:0659: httpd security and bug fix update (Moderate)
Description: mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
Family: unix Class: patch
Reference(s): ELSA-2010:0659-01
CVE-2010-1452
CVE-2010-2791
Version: 13
Platform(s): Oracle Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27980
 
Oval ID: oval:org.mitre.oval:def:27980
Title: DEPRECATED: ELSA-2010-0659 -- httpd security and bug fix update (moderate)
Description: [2.2.3-43.0.1.el5_5.3 ] - replace index.html with Oracle's index page oracle_index.html - update vstring and distro in specfile [2.2.3-43.3] - mod_ssl: improved fix for SSLRequire's OID() function (#625452) [2.2.3-43.2] - add security fixes for CVE-2010-1452, CVE-2010-2791 (#623210) - mod_deflate: rebase to 2.2.15 (#625435) - stop multiple invocations of filter init functions (#625451)
Family: unix Class: patch
Reference(s): ELSA-2010-0659
CVE-2010-1452
CVE-2010-2791
Version: 4
Platform(s): Oracle Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19152
 
Oval ID: oval:org.mitre.oval:def:19152
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
Family: unix Class: vulnerability
Reference(s): CVE-2012-5081
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18120
 
Oval ID: oval:org.mitre.oval:def:18120
Title: USN-1619-1 -- openjdk-6, openjdk-7 vulnerabilities
Description: Several security issues were fixed in OpenJDK.
Family: unix Class: patch
Reference(s): USN-1619-1
CVE-2012-3216
CVE-2012-5069
CVE-2012-5072
CVE-2012-5075
CVE-2012-5077
CVE-2012-5085
CVE-2012-4416
CVE-2012-5071
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-3143
CVE-2012-3159
CVE-2012-5068
CVE-2012-5083
CVE-2012-5084
CVE-2012-5086
CVE-2012-5089
CVE-2012-5067
CVE-2012-5070
CVE-2012-5073
CVE-2012-5079
CVE-2012-5074
CVE-2012-5076
CVE-2012-5087
CVE-2012-5088
CVE-2012-5081
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Product(s): openjdk-7
openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16043
 
Oval ID: oval:org.mitre.oval:def:16043
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5081
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19598
 
Oval ID: oval:org.mitre.oval:def:19598
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM).
Family: unix Class: vulnerability
Reference(s): CVE-2012-1687
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15763
 
Oval ID: oval:org.mitre.oval:def:15763
Title: Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2
Description: Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0420
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): VirtualBox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20720
 
Oval ID: oval:org.mitre.oval:def:20720
Title: VMware vSphere and vCOps updates to third party libraries
Description: The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2699
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19309
 
Oval ID: oval:org.mitre.oval:def:19309
Title: CRITICAL PATCH UPDATE JULY 2012
Description: The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2699
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21643
 
Oval ID: oval:org.mitre.oval:def:21643
Title: RHSA-2012:1462: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Family: unix Class: patch
Reference(s): RHSA-2012:1462-01
CESA-2012:1462
CVE-2012-0540
CVE-2012-1688
CVE-2012-1689
CVE-2012-1690
CVE-2012-1703
CVE-2012-1734
CVE-2012-2749
CVE-2012-3150
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197
Version: 211
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17999
 
Oval ID: oval:org.mitre.oval:def:17999
Title: USN-1621-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities
Description: Several security issues were fixed in MySQL.
Family: unix Class: patch
Reference(s): USN-1621-1
CVE-2012-3144
CVE-2012-3147
CVE-2012-3149
CVE-2012-3150
CVE-2012-3156
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): mysql-5.5
mysql-5.1
mysql-dfsg-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23931
 
Oval ID: oval:org.mitre.oval:def:23931
Title: ELSA-2012:1462: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Family: unix Class: patch
Reference(s): ELSA-2012:1462-01
CVE-2012-0540
CVE-2012-1688
CVE-2012-1689
CVE-2012-1690
CVE-2012-1703
CVE-2012-1734
CVE-2012-2749
CVE-2012-3150
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197
Version: 69
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27464
 
Oval ID: oval:org.mitre.oval:def:27464
Title: DEPRECATED: ELSA-2012-1462 -- mysql security update (important)
Description: [5.1.66-1] - Update to 5.1.66, for assorted upstream bugfixes including CVEs announced in July and October 2012 Resolves: #871813
Family: unix Class: patch
Reference(s): ELSA-2012-1462
CVE-2012-0540
CVE-2012-1688
CVE-2012-1689
CVE-2012-1690
CVE-2012-1703
CVE-2012-1734
CVE-2012-2749
CVE-2012-3150
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197
Version: 4
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19408
 
Oval ID: oval:org.mitre.oval:def:19408
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Family: unix Class: vulnerability
Reference(s): CVE-2011-5035
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16908
 
Oval ID: oval:org.mitre.oval:def:16908
Title: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server
Description: Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Family: windows Class: vulnerability
Reference(s): CVE-2011-5035
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Oracle WebLogic Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14882
 
Oval ID: oval:org.mitre.oval:def:14882
Title: Oracle Outside In contains multiple exploitable vulnerabilities - V
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1770
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft FAST Search Server 2010 for SharePoint
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17268
 
Oval ID: oval:org.mitre.oval:def:17268
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1705
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18802
 
Oval ID: oval:org.mitre.oval:def:18802
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3127
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19765
 
Oval ID: oval:org.mitre.oval:def:19765
Title: CRITICAL PATCH UPDATE OCTOBER 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3207
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9935
 
Oval ID: oval:org.mitre.oval:def:9935
Title: The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Description: The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0408
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8619
 
Oval ID: oval:org.mitre.oval:def:8619
Title: Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
Description: The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0408
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16251
 
Oval ID: oval:org.mitre.oval:def:16251
Title: Vulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0418 - MS13-012
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0418
Version: 4
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2003
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18929
 
Oval ID: oval:org.mitre.oval:def:18929
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1720
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16581
 
Oval ID: oval:org.mitre.oval:def:16581
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1720
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19550
 
Oval ID: oval:org.mitre.oval:def:19550
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1537
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19385
 
Oval ID: oval:org.mitre.oval:def:19385
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1537
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16578
 
Oval ID: oval:org.mitre.oval:def:16578
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1537
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19808
 
Oval ID: oval:org.mitre.oval:def:19808
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0498
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15075
 
Oval ID: oval:org.mitre.oval:def:15075
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0498
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19287
 
Oval ID: oval:org.mitre.oval:def:19287
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0551
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16707
 
Oval ID: oval:org.mitre.oval:def:16707
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0551
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21189
 
Oval ID: oval:org.mitre.oval:def:21189
Title: RHSA-2012:0323: httpd security update (Moderate)
Description: protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
Family: unix Class: patch
Reference(s): RHSA-2012:0323-01
CVE-2011-3607
CVE-2011-3639
CVE-2012-0031
CVE-2012-0053
Version: 55
Platform(s): Red Hat Enterprise Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20843
 
Oval ID: oval:org.mitre.oval:def:20843
Title: RHSA-2012:0128: httpd security update (Moderate)
Description: protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
Family: unix Class: patch
Reference(s): RHSA-2012:0128-01
CESA-2012:0128
CVE-2011-3607
CVE-2011-3639
CVE-2011-4317
CVE-2012-0031
CVE-2012-0053
Version: 68
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19191
 
Oval ID: oval:org.mitre.oval:def:19191
Title: HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
Description: protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0053
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15373
 
Oval ID: oval:org.mitre.oval:def:15373
Title: DSA-2405-1 apache2 -- multiple issues
Description: Several vulnerabilities have been found in the Apache HTTPD Server: CVE-2011-3607: An integer overflow in ap_pregsub could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files. CVE-2011-3368 CVE-2011-3639 CVE-2011-4317: The Apache HTTP Server did not properly validate the request URI for proxied requests. In certain reverse proxy configurations using the ProxyPassMatch directive or using the RewriteRule directive with the [P] flag, a remote attacker could make the proxy connect to an arbitrary server. This could allow the attacker to access internal servers that are not otherwise accessible from the outside. The three CVE ids denote slightly different variants of the same issue. Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities. CVE-2012-0053: The response message for error code 400 could be used to expose "httpOnly" cookies. This could allow a remote attacker using cross site scripting to steal authentication cookies. For the oldstable distribution, these problems have been fixed in version apache2 2.2.9-10+lenny12. For the stable distribution, these problems have been fixed in version apache2 2.2.16-6+squeeze6. For the testing distribution, these problems will be fixed in version 2.2.22-1. For the unstable distribution, these problems have been fixed in version 2.2.22-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number
Family: unix Class: patch
Reference(s): DSA-2405-1
CVE-2011-3607
CVE-2011-3368
CVE-2011-3639
CVE-2011-4317
CVE-2012-0031
CVE-2012-0053
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15282
 
Oval ID: oval:org.mitre.oval:def:15282
Title: USN-1368-1 -- Apache HTTP Server vulnerabilities
Description: apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.
Family: unix Class: patch
Reference(s): USN-1368-1
CVE-2011-3607
CVE-2011-4317
CVE-2012-0021
CVE-2012-0031
CVE-2012-0053
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23836
 
Oval ID: oval:org.mitre.oval:def:23836
Title: ELSA-2012:0128: httpd security update (Moderate)
Description: protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
Family: unix Class: patch
Reference(s): ELSA-2012:0128-01
CVE-2011-3607
CVE-2011-3639
CVE-2011-4317
CVE-2012-0031
CVE-2012-0053
Version: 25
Platform(s): Oracle Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22998
 
Oval ID: oval:org.mitre.oval:def:22998
Title: ELSA-2012:0323: httpd security update (Moderate)
Description: protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
Family: unix Class: patch
Reference(s): ELSA-2012:0323-01
CVE-2011-3607
CVE-2011-3639
CVE-2012-0031
CVE-2012-0053
Version: 21
Platform(s): Oracle Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27894
 
Oval ID: oval:org.mitre.oval:def:27894
Title: DEPRECATED: ELSA-2012-0128 -- httpd security update (moderate)
Description: [2.2.15-15.0.1.el6_2.1] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-15.1] - add security fixes for CVE-2011-4317, CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787598) - obviates fix for CVE-2011-3638, patch removed
Family: unix Class: patch
Reference(s): ELSA-2012-0128
CVE-2011-3607
CVE-2011-3639
CVE-2011-4317
CVE-2012-0031
CVE-2012-0053
Version: 4
Platform(s): Oracle Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27320
 
Oval ID: oval:org.mitre.oval:def:27320
Title: DEPRECATED: ELSA-2012-0323 -- httpd security update (moderate)
Description: [2.2.3-63.0.1.el5_8.1] - Fix mod_ssl always performing full renegotiation (orabug 12423387) - replace index.html with Oracle's index page oracle_index.html - update vstring and distro in specfile [2.2.3-63.1] - add security fixes for CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787596) - remove patch for CVE-2011-3638, obviated by fix for CVE-2011-3639
Family: unix Class: patch
Reference(s): ELSA-2012-0323
CVE-2011-3607
CVE-2011-3639
CVE-2012-0031
CVE-2012-0053
Version: 4
Platform(s): Oracle Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16080
 
Oval ID: oval:org.mitre.oval:def:16080
Title: Oracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3217 (MS13-013)
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3217
Version: 3
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft FAST Search Server 2010 for SharePoint
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15911
 
Oval ID: oval:org.mitre.oval:def:15911
Title: Oracle Outside In Contains Multiple Exploitable Vulnerabilities-II MS12-080
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3217
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19890
 
Oval ID: oval:org.mitre.oval:def:19890
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1717
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16508
 
Oval ID: oval:org.mitre.oval:def:16508
Title: DEPRECATED: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Java Runtime Environment) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1717
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19659
 
Oval ID: oval:org.mitre.oval:def:19659
Title: CRITICAL PATCH UPDATE APRIL 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0539
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16758
 
Oval ID: oval:org.mitre.oval:def:16758
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0383
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19228
 
Oval ID: oval:org.mitre.oval:def:19228
Title: CRITICAL PATCH UPDATE JANUARY 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0399
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15648
 
Oval ID: oval:org.mitre.oval:def:15648
Title: Oracle Outside In contains multiple exploitable vulnerabilities - X
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3107
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft FAST Search Server 2010 for SharePoint
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19817
 
Oval ID: oval:org.mitre.oval:def:19817
Title: HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
Description: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0021
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26047
 
Oval ID: oval:org.mitre.oval:def:26047
Title: SUSE-SU-2013:0469-1 -- Security update for apache2
Description: This Apache2 LTSS roll-up update for SUSE Linux Enterprise 10 SP3 LTSS fixes some security issues and bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0469-1
CVE-2012-4557
CVE-2012-0883
CVE-2012-2687
CVE-2012-0031
CVE-2012-0053
CVE-2007-6750
CVE-2011-3639
CVE-2011-3368
CVE-2011-4317
CVE-2011-1473
CVE-2011-3607
CVE-2012-0021
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25561
 
Oval ID: oval:org.mitre.oval:def:25561
Title: SUSE-SU-2013:0389-1 -- Security update for Apache
Description: This update fixes the following issues: * CVE-2012-4557: Denial of Service via special requests in mod_proxy_ajp * CVE-2012-0883: improper LD_LIBRARY_PATH handling * CVE-2012-2687: filename escaping problem
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0389-1
CVE-2012-4557
CVE-2012-0883
CVE-2012-2687
CVE-2011-3368
CVE-2011-4317
CVE-2012-0021
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25484
 
Oval ID: oval:org.mitre.oval:def:25484
Title: SUSE-SU-2013:0830-1 -- Security update for Apache
Description: Apache2 has been updated to fix multiple security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0830-1
CVE-2012-4557
CVE-2012-0883
CVE-2012-2687
CVE-2012-4558
CVE-2012-3499
CVE-2011-3368
CVE-2011-4317
CVE-2012-0021
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19621
 
Oval ID: oval:org.mitre.oval:def:19621
Title: CRITICAL PATCH UPDATE APRIL 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1694
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17255
 
Oval ID: oval:org.mitre.oval:def:17255
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0368
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21000
 
Oval ID: oval:org.mitre.oval:def:21000
Title: RHSA-2013:0219: mysql security update (Moderate)
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: unix Class: patch
Reference(s): RHSA-2013:0219-02
CESA-2013:0219
CVE-2012-0572
CVE-2012-0574
CVE-2012-1702
CVE-2012-1705
CVE-2013-0375
CVE-2013-0383
CVE-2013-0384
CVE-2013-0385
CVE-2013-0389
Version: 129
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18161
 
Oval ID: oval:org.mitre.oval:def:18161
Title: USN-1703-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities
Description: Several security issues were fixed in MySQL.
Family: unix Class: patch
Reference(s): USN-1703-1
CVE-2012-0572
CVE-2012-0574
CVE-2012-0578
CVE-2012-1702
CVE-2012-1705
CVE-2012-5060
CVE-2012-5096
CVE-2012-5611
CVE-2012-5612
CVE-2013-0367
CVE-2013-0368
CVE-2013-0371
CVE-2013-0375
CVE-2013-0383
CVE-2013-0384
CVE-2013-0385
CVE-2013-0386
CVE-2013-0389
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): mysql-5.5
mysql-5.1
mysql-dfsg-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16825
 
Oval ID: oval:org.mitre.oval:def:16825
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS)
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0389
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23738
 
Oval ID: oval:org.mitre.oval:def:23738
Title: ELSA-2013:0219: mysql security update (Moderate)
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: unix Class: patch
Reference(s): ELSA-2013:0219-02
CVE-2012-0572
CVE-2012-0574
CVE-2012-1702
CVE-2012-1705
CVE-2013-0375
CVE-2013-0383
CVE-2013-0384
CVE-2013-0385
CVE-2013-0389
Version: 41
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27382
 
Oval ID: oval:org.mitre.oval:def:27382
Title: DEPRECATED: ELSA-2013-0219 -- mysql security update (moderate)
Description: [5.1.67-1] - Update to 5.1.67, for assorted upstream bugfixes including CVEs announced in January 2013 Resolves: #901380
Family: unix Class: patch
Reference(s): ELSA-2013-0219
CVE-2012-0572
CVE-2012-0574
CVE-2012-1702
CVE-2012-1705
CVE-2013-0375
CVE-2013-0383
CVE-2013-0384
CVE-2013-0385
CVE-2013-0389
Version: 4
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19868
 
Oval ID: oval:org.mitre.oval:def:19868
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1713
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16502
 
Oval ID: oval:org.mitre.oval:def:16502
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1713
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15721
 
Oval ID: oval:org.mitre.oval:def:15721
Title: Oracle Outside In contains multiple exploitable vulnerabilities - IV
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1769
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft FAST Search Server 2010 for SharePoint
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22047
 
Oval ID: oval:org.mitre.oval:def:22047
Title: The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
Description: The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-3137
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Oracle Database Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19635
 
Oval ID: oval:org.mitre.oval:def:19635
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1765
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19763
 
Oval ID: oval:org.mitre.oval:def:19763
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3121
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19917
 
Oval ID: oval:org.mitre.oval:def:19917
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2012-5083
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16544
 
Oval ID: oval:org.mitre.oval:def:16544
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5083
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22123
 
Oval ID: oval:org.mitre.oval:def:22123
Title: RHSA-2011:1392: httpd security and bug fix update (Moderate)
Description: The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
Family: unix Class: patch
Reference(s): RHSA-2011:1392-01
CESA-2011:1392
CVE-2011-3368
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21452
 
Oval ID: oval:org.mitre.oval:def:21452
Title: RHSA-2011:1391: httpd security and bug fix update (Moderate)
Description: The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
Family: unix Class: patch
Reference(s): RHSA-2011:1391-01
CVE-2011-3348
CVE-2011-3368
Version: 29
Platform(s): Red Hat Enterprise Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23761
 
Oval ID: oval:org.mitre.oval:def:23761
Title: ELSA-2011:1391: httpd security and bug fix update (Moderate)
Description: The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
Family: unix Class: patch
Reference(s): ELSA-2011:1391-01
CVE-2011-3348
CVE-2011-3368
Version: 13
Platform(s): Oracle Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23276
 
Oval ID: oval:org.mitre.oval:def:23276
Title: ELSA-2011:1392: httpd security and bug fix update (Moderate)
Description: The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
Family: unix Class: patch
Reference(s): ELSA-2011:1392-01
CVE-2011-3368
Version: 6
Platform(s): Oracle Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28122
 
Oval ID: oval:org.mitre.oval:def:28122
Title: DEPRECATED: ELSA-2011-1391 -- httpd security and bug fix update (moderate)
Description: [2.2.15-9.0.1.el6_1.3] - replace index.html with Oracle's index page - update vstring in specfile [2.2.15-9.3] - add security fixes for CVE-2011-3347, CVE-2011-3368 (#743901) - fix regressions in CVE-2011-3192 patch (#736592)
Family: unix Class: patch
Reference(s): ELSA-2011-1391
CVE-2011-3348
CVE-2011-3368
Version: 4
Platform(s): Oracle Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19443
 
Oval ID: oval:org.mitre.oval:def:19443
Title: CRITICAL PATCH UPDATE APRIL 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1681
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19777
 
Oval ID: oval:org.mitre.oval:def:19777
Title: CRITICAL PATCH UPDATE OCTOBER 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM).
Family: unix Class: vulnerability
Reference(s): CVE-2012-3209
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19164
 
Oval ID: oval:org.mitre.oval:def:19164
Title: CRITICAL PATCH UPDATE APRIL 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1496
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9403
 
Oval ID: oval:org.mitre.oval:def:9403
Title: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
Description: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1890
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8616
 
Oval ID: oval:org.mitre.oval:def:8616
Title: Apache 'mod_proxy' Remote Denial Of Service Vulnerability
Description: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1890
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13643
 
Oval ID: oval:org.mitre.oval:def:13643
Title: USN-802-2 -- apache2 regression
Description: USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption
Family: unix Class: patch
Reference(s): USN-802-2
CVE-2009-1891
CVE-2009-1890
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12330
 
Oval ID: oval:org.mitre.oval:def:12330
Title: HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
Description: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1890
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17175
 
Oval ID: oval:org.mitre.oval:def:17175
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all MySQL Server accessible data as well as read access to all MySQL Server accessible data
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0375
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19557
 
Oval ID: oval:org.mitre.oval:def:19557
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0497
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14772
 
Oval ID: oval:org.mitre.oval:def:14772
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0497
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6931
 
Oval ID: oval:org.mitre.oval:def:6931
Title: Apache 'mod_proxy_http' Timeout Detection Vulnerability
Description: mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2068
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11491
 
Oval ID: oval:org.mitre.oval:def:11491
Title: DEPRECATED: Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
Description: mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2068
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19303
 
Oval ID: oval:org.mitre.oval:def:19303
Title: CRITICAL PATCH UPDATE OCTOBER 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3187
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22627
 
Oval ID: oval:org.mitre.oval:def:22627
Title: Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.
Description: Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1554
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Oracle Database Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17186
 
Oval ID: oval:org.mitre.oval:def:17186
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1702
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22615
 
Oval ID: oval:org.mitre.oval:def:22615
Title: Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Description: Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1534
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Oracle Database Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8194
 
Oval ID: oval:org.mitre.oval:def:8194
Title: DSA-1812 apr-util -- denial of service
Description: Apr-util, the Apache Portable Runtime Utility library, is used by Apache 2.x, Subversion, and other applications. Two denial of service vulnerabilities have been found in apr-util: "kcope" discovered a flaw in the handling of internal XML entities in the apr_xml_* interface that can be exploited to use all available memory. This denial of service can be triggered remotely in the Apache mod_dav and mod_dav_svn modules. (No CVE id yet) Matthew Palmer discovered an underflow flaw in the apr_strmatch_precompile function that can be exploited to cause a daemon crash. The vulnerability can be triggered (1) remotely in mod_dav_svn for Apache if the "SVNMasterURI" directive is in use, (2) remotely in mod_apreq2 for Apache or other applications using libapreq2, or (3) locally in Apache by a crafted ".htaccess" file. Other exploit paths in other applications using apr-util may exist. If you use Apache, or if you use svnserve in standalone mode, you need to restart the services after you have upgraded the libaprutil1 package. For the oldstable distribution (etch), these problems have been fixed in version 1.2.7+dfsg-2+etch2.
Family: unix Class: patch
Reference(s): DSA-1812
CVE-2009-0023
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13171
 
Oval ID: oval:org.mitre.oval:def:13171
Title: DSA-1812-1 apr-util -- denial of service
Description: Apr-util, the Apache Portable Runtime Utility library, is used by Apache 2.x, Subversion, and other applications. Two denial of service vulnerabilities have been found in apr-util: "kcope" discovered a flaw in the handling of internal XML entities in the apr_xml_* interface that can be exploited to use all available memory. This denial of service can be triggered remotely in the Apache mod_dav and mod_dav_svn modules. Matthew Palmer discovered an underflow flaw in the apr_strmatch_precompile function that can be exploited to cause a daemon crash. The vulnerability can be triggered remotely in mod_dav_svn for Apache if the "SVNMasterURI" directive is in use, remotely in mod_apreq2 for Apache or other applications using libapreq2, or locally in Apache by a crafted ".htaccess" file. Other exploit paths in other applications using apr-util may exist. If you use Apache, or if you use svnserve in standalone mode, you need to restart the services after you have upgraded the libaprutil1 package. For the stable distribution, these problems have been fixed in version 1.2.12+dfsg-8+lenny2. For the oldstable distribution, these problems have been fixed in version 1.2.7+dfsg-2+etch2. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your apr-util packages.
Family: unix Class: patch
Reference(s): DSA-1812-1
CVE-2009-0023
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12321
 
Oval ID: oval:org.mitre.oval:def:12321
Title: HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
Description: The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0023
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10968
 
Oval ID: oval:org.mitre.oval:def:10968
Title: The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
Description: The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0023
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15608
 
Oval ID: oval:org.mitre.oval:def:15608
Title: Oracle Outside In contains multiple exploitable vulnerabilities - IX
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3106
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft FAST Search Server 2010 for SharePoint
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19651
 
Oval ID: oval:org.mitre.oval:def:19651
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1718
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15923
 
Oval ID: oval:org.mitre.oval:def:15923
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Security) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1718
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19716
 
Oval ID: oval:org.mitre.oval:def:19716
Title: CRITICAL PATCH UPDATE APRIL 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1692
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17077
 
Oval ID: oval:org.mitre.oval:def:17077
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0367
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22002
 
Oval ID: oval:org.mitre.oval:def:22002
Title: RHSA-2011:1245: httpd security update (Important)
Description: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Family: unix Class: patch
Reference(s): RHSA-2011:1245-01
CVE-2011-3192
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18827
 
Oval ID: oval:org.mitre.oval:def:18827
Title: Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server (CVE-2011-3192)
Description: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3192
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): VisualSVN Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15347
 
Oval ID: oval:org.mitre.oval:def:15347
Title: USN-1199-1 -- Apache vulnerability
Description: apache2: Apache HTTP server. A remote attacker could send crafted input to Apache and cause it to crash.
Family: unix Class: patch
Reference(s): USN-1199-1
CVE-2011-3192
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15145
 
Oval ID: oval:org.mitre.oval:def:15145
Title: DSA-2298-1 apache2 -- denial of service
Description: Two issues have been found in the Apache HTTPD web server: CVE-2011-3192: A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. CVE-2010-1452: A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution. For the oldstable distribution, these problems have been fixed in version 2.2.9-10+lenny10. For the stable distribution, this problem has been fixed in version 2.2.16-6+squeeze2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.2.19-2. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number
Family: unix Class: patch
Reference(s): DSA-2298-1
CVE-2010-1452
CVE-2011-3192
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15135
 
Oval ID: oval:org.mitre.oval:def:15135
Title: DSA-2298-2 apache2 -- denial of service
Description: The apache2 upgrade from DSA-2298-1 has caused a regression that prevented some video players from seeking in video files served by Apache HTTPD. This update fixes this bug. The text of the original advisory is reproduced for reference: Two issues have been found in the Apache HTTPD web server: CVE-2011-3192: A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. CVE-2010-1452: A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution. The regression has been fixed in the following packages: For the oldstable distribution, this problem has been fixed in version 2.2.9-10+lenny11. For the stable distribution, this problem has been fixed in version 2.2.16-6+squeeze3. For the testing distribution, this problem will be fixed in version 2.2.20-1. For the unstable distribution, this problem has been fixed in version 2.2.20-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number
Family: unix Class: patch
Reference(s): DSA-2298-2
CVE-2010-1452
CVE-2011-3192
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14824
 
Oval ID: oval:org.mitre.oval:def:14824
Title: HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3192
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14762
 
Oval ID: oval:org.mitre.oval:def:14762
Title: HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3192
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23476
 
Oval ID: oval:org.mitre.oval:def:23476
Title: ELSA-2011:1245: httpd security update (Important)
Description: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Family: unix Class: patch
Reference(s): ELSA-2011:1245-01
CVE-2011-3192
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22855
 
Oval ID: oval:org.mitre.oval:def:22855
Title: DEPRECATED: ELSA-2011:1245: httpd security update (Important)
Description: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Family: unix Class: patch
Reference(s): ELSA-2011:1245-01
CVE-2011-3192
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19409
 
Oval ID: oval:org.mitre.oval:def:19409
Title: CRITICAL PATCH UPDATE APRIL 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0413
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19597
 
Oval ID: oval:org.mitre.oval:def:19597
Title: CRITICAL PATCH UPDATE OCTOBER 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3215
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19800
 
Oval ID: oval:org.mitre.oval:def:19800
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0499
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14878
 
Oval ID: oval:org.mitre.oval:def:14878
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0499
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19599
 
Oval ID: oval:org.mitre.oval:def:19599
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0501
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15069
 
Oval ID: oval:org.mitre.oval:def:15069
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0501
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19370
 
Oval ID: oval:org.mitre.oval:def:19370
Title: CRITICAL PATCH UPDATE JANUARY 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0415
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18818
 
Oval ID: oval:org.mitre.oval:def:18818
Title: CRITICAL PATCH UPDATE APRIL 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0412
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19400
 
Oval ID: oval:org.mitre.oval:def:19400
Title: CRITICAL PATCH UPDATE JANUARY 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0407
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15804
 
Oval ID: oval:org.mitre.oval:def:15804
Title: Oracle Outside In contains multiple exploitable vulnerabilities - XI
Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3108
Version: 5
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft FAST Search Server 2010 for SharePoint
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19359
 
Oval ID: oval:org.mitre.oval:def:19359
Title: CRITICAL PATCH UPDATE JANUARY 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0569
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19585
 
Oval ID: oval:org.mitre.oval:def:19585
Title: CRITICAL PATCH UPDATE JULY 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3112
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19224
 
Oval ID: oval:org.mitre.oval:def:19224
Title: CRITICAL PATCH UPDATE APRIL 2013
Description: Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Kernel/IPsec.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0406
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19581
 
Oval ID: oval:org.mitre.oval:def:19581
Title: CRITICAL PATCH UPDATE OCTOBER 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3208
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19675
 
Oval ID: oval:org.mitre.oval:def:19675
Title: CRITICAL PATCH UPDATE APRIL 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1684
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19546
 
Oval ID: oval:org.mitre.oval:def:19546
Title: CRITICAL PATCH UPDATE APRIL 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1683
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19142
 
Oval ID: oval:org.mitre.oval:def:19142
Title: CRITICAL PATCH UPDATE OCTOBER 2012
Description: Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3211
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13813
 
Oval ID: oval:org.mitre.oval:def:13813
Title: USN-787-1 -- apache2 vulnerabilities
Description: Matthew Palmer discovered an underflow flaw in apr-util as included in Apache. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. This issue only affected Ubuntu 6.06 LTS. Sander de Boer discovered that mod_proxy_ajp would reuse connections when a client closed a connection without sending a request body. A remote attacker could exploit this to obtain sensitive response data. This issue only affected Ubuntu 9.04. Jonathan Peatfield discovered that Apache did not process Includes options correctly. With certain configurations of Options and AllowOverride, a local attacker could use an .htaccess file to override intended restrictions and execute arbitrary code via a Server-Side-Include file. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could cause a denial of service via memory resource consumption by sending a crafted request to an Apache server configured to use mod_dav or mod_dav_svn. This issue only affected Ubuntu 6.06 LTS. C. Michael Pilato discovered an off-by-one buffer overflow in apr-util when formatting certain strings. For big-endian machines, a remote attacker could cause a denial of service or information disclosure leak. All other architectures for Ubuntu are not considered to be at risk. This issue only affected Ubuntu 6.06 LTS.
Family: unix Class: patch
Reference(s): USN-787-1, CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1955, CVE-2009-1956
Version: 5
Platform(s): Ubuntu 8.04, Ubuntu 9.04, Ubuntu 6.06, Ubuntu 8.10
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13719
 
Oval ID: oval:org.mitre.oval:def:13719
Title: USN-786-1 -- apr-util vulnerabilities
Description: Matthew Palmer discovered an underflow flaw in apr-util. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. Applications using libapreq2 are also affected. It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could cause a denial of service via memory resource consumption by sending a crafted request to an Apache server configured to use mod_dav or mod_dav_svn. C. Michael Pilato discovered an off-by-one buffer overflo