10 - SUN-248586

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Sun Alert 248586 Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris

Informations
Name	SUN-248586	First vendor Publication	2009-01-06
Vendor	Sun	Last vendor Modification	2009-01-12
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10 Operating System OpenSolaris

Multiple security vulnerabilities in the Flash Player plugin distributed with Solaris may allow a remote unprivileged user the ability to execute arbitrary code with the privileges of a local user on the system while loading a malicious SWF file with the affected plugin. In addition, the Flash Player plugin may allow a remote user to bypass the Security Sandbox Model, modify the clipboard with a URL, allow cross-site scripting attacks, inject arbitrary web script or HTML, obtain sensitive data, conduct DNS rebinding and hijack the camera or microphone while loading a malicious SWF file with the affected plugin.

Additional information regarding these issues are available at:

ABSP08-22 at: http://www.adobe.com/support/security/bulletins/apsb08-22.html
APSB08-20 at: http://www.adobe.com/support/security/bulletins/apsb08-20.html
APSB08-18 at: http://www.adobe.com/support/security/bulletins/apsb08-18.html
APSA08-08 at: http://www.adobe.com/support/security/advisories/apsa08-08.html
CVE-2008-4818 at: http://www.security-database.com/detail.php?cve=CVE-2008-4818
CVE-2008-4819 at: http://www.security-database.com/detail.php?cve=CVE-2008-4819
CVE-2008-4820 at: http://www.security-database.com/detail.php?cve=CVE-2008-4820
CVE-2008-4821 at: http://www.security-database.com/detail.php?cve=CVE-2008-4821
CVE-2008-4822 at: http://www.security-database.com/detail.php?cve=CVE-2008-4822
CVE-2008-4823 at: http://www.security-database.com/detail.php?cve=CVE-2008-4823
CVE-2008-4824 at: http://www.security-database.com/detail.php?cve=CVE-2008-4824
CVE-2007-6243 at: http://www.security-database.com/detail.php?cve=CVE-2007-6243
CVE-2008-3873 at: http://www.security-database.com/detail.php?cve=CVE-2008-3873
CVE-2007-4324 at: http://www.security-database.com/detail.php?cve=CVE-2007-4324
CVE-2008-4401 at: http://www.security-database.com/detail.php?cve=CVE-2008-4401
CVE-2008-4503 at: http://www.security-database.com/detail.php?cve=CVE-2008-4503
CVE-2008-5361 at: http://www.security-database.com/detail.php?cve=CVE-2008-5361
CVE-2008-5362 at: http://www.security-database.com/detail.php?cve=CVE-2008-5362
CVE-2008-5363 at: http://www.security-database.com/detail.php?cve=CVE-2008-5363

State: Resolved

First released: 06-Jan-2009

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-248586-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_248586_multiple_security

CWE : Common Weakness Enumeration

%	Id	Name
31 %	CWE-264	Permissions, Privileges, and Access Controls
23 %	CWE-20	Improper Input Validation
15 %	CWE-399	Resource Management Errors
15 %	CWE-200	Information Exposure
15 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10987

Oval ID:	oval:org.mitre.oval:def:10987
Title:	PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Description:	PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1349	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mod_perl-devel is earlier than 0:1.99_09-12.ent AND mod_perl is earlier than 0:1.99_09-12.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section mod_perl-devel is earlier than 0:1.99_16-4.5 AND mod_perl is earlier than 0:1.99_16-4.5 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section mod_perl-devel is earlier than 0:2.0.2-6.3.el5 AND mod_perl is earlier than 0:2.0.2-6.3.el5

Definition Id: oval:org.mitre.oval:def:11069

Oval ID:	oval:org.mitre.oval:def:11069
Title:	Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Description:	Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-6243	Version:	3
Platform(s):	Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5	Product(s):
Definition Synopsis:
IF redhat-release is version 3 AND flash-plugin is earlier than 0:9.0.124.0-1.el3.with.oss OR redhat-release is version 4 AND flash-plugin is earlier than 0:9.0.124.0-1.el4 OR redhat-release is version 5 AND flash-plugin is earlier than 0:9.0.124.0-1.el5

Definition Id: oval:org.mitre.oval:def:11874

Oval ID:	oval:org.mitre.oval:def:11874
Title:	ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
Description:	ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-4324	Version:	3
Platform(s):	Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5	Product(s):
Definition Synopsis:
IF redhat-release is version 3 AND flash-plugin is earlier than 0:9.0.115.0-1.el3.with.oss OR redhat-release is version 4 AND flash-plugin is earlier than 0:9.0.115.0-1.el4 OR redhat-release is version 5 AND flash-plugin is earlier than 0:9.0.115.0-1.el5

Definition Id: oval:org.mitre.oval:def:21702

Oval ID:	oval:org.mitre.oval:def:21702
Title:	ELSA-2007:0395: mod_perl security update (Low)
Description:	PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0395-02 CVE-2007-1349	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	mod_perl
Definition Synopsis:
Oracle Linux 5.x rpm test mod_perl-devel is earlier than 0:2.0.2-6.3.el5 AND mod_perl is earlier than 0:2.0.2-6.3.el5

Definition Id: oval:org.mitre.oval:def:22730

Oval ID:	oval:org.mitre.oval:def:22730
Title:	ELSA-2008:0945: flash-plugin security update (Critical)
Description:	The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0945-02 CVE-2007-4324 CVE-2007-6243 CVE-2008-3873 CVE-2008-4401 CVE-2008-4503 CVE-2008-4818 CVE-2008-4819 CVE-2008-4821 CVE-2008-4822 CVE-2008-4823 CVE-2008-4824 CVE-2008-5361 CVE-2008-5362 CVE-2008-5363	Version:	61
Platform(s):	Oracle Linux 5	Product(s):	flash-plugin
Definition Synopsis:
Oracle Linux 5.x AND flash-plugin is earlier than 0:10.0.12.36-2.el5

Definition Id: oval:org.mitre.oval:def:24854

Oval ID:	oval:org.mitre.oval:def:24854
Title:	ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not
Description:	ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-4324	Version:	10
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player
Definition Synopsis:
Adobe Flash Player section Adobe Flash Player 9 is installed AND Adobe Flash Player version is less than or equal 9.0.124.0 OR Flash.ocx section ActiveX Control is installed AND Determine if the version of Flash.ocx is less than or equal 9.0.124.0 AND Determine if the version of Flash.ocx is greater than or equal 9.0

Definition Id: oval:org.mitre.oval:def:24909

Oval ID:	oval:org.mitre.oval:def:24909
Title:	Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Description:	Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-6243	Version:	7
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player
Definition Synopsis:
Adobe Flash Player section Adobe Flash Player 9 is installed AND Adobe Flash Player version is less than or equal 9.0.48.0 OR Flash.ocx section ActiveX Control is installed AND Determine if the version of Flash.ocx is less than or equal 9.0.48.0 AND Determine if the version of Flash.ocx is greater than or equal 9.0

Definition Id: oval:org.mitre.oval:def:8349

Oval ID:	oval:org.mitre.oval:def:8349
Title:	Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlRun.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data
Description:	PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1349	Version:	2
Platform(s):	Sun Solaris 10	Product(s):
Definition Synopsis:
Software Section Solaris 10 (SPARC) meets Sun Alert 272230 Solaris 10 (SPARC) is installed AND NOT Patch 120543-15 or later installed OR Solaris 10 (x86) meets Sun Alert 272230 Solaris 10 (x86) is installed AND NOT Patch 120544-15 or later installed AND Configuration Section Solaris 10 bundled Apache 2.0 web server service is enable AND PerlRun.pm component is used

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Air cpe:2.3:a:adobe:air:1.1:::::::* cpe:2.3:a:adobe:air:1.01:::::::* cpe:2.3:a:adobe:air:1.0:::::::* cpe:2.3:a:adobe:air::::::::	4
Application	Adobe Flash Player cpe:2.3:a:adobe:flash_player:10.0.2.54:::::::* cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::* cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::* cpe:2.3:a:adobe:flash_player:10:::::::* cpe:2.3:a:adobe:flash_player:9.125.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.9.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.8.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.31:::::::* cpe:2.3:a:adobe:flash_player:9.0.283.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.280:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0::mac_os_x::::: cpe:2.3:a:adobe:flash_player:9.0.28:::::::* cpe:2.3:a:adobe:flash_player:9.0.277.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.20:::::::* cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::* cpe:2.3:a:adobe:flash_player:9.0.16.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.16:::::::* cpe:2.3:a:adobe:flash_player:9.0.16::windows::::: cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.155.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.114.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.112.0:::::::* cpe:2.3:a:adobe:flash_player:9.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::* cpe:2.3:a:adobe:flash_player:8.0:::::::* cpe:2.3:a:adobe:flash_player:8.0::pro::::: cpe:2.3:a:adobe:flash_player:8.0::basic::::: cpe:2.3:a:adobe:flash_player:8::professional::::: cpe:2.3:a:adobe:flash_player:8::pro::::: cpe:2.3:a:adobe:flash_player:7.2:::::::* cpe:2.3:a:adobe:flash_player:7.1.1:::::::* cpe:2.3:a:adobe:flash_player:7.1:::::::* cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.63:::::::* cpe:2.3:a:adobe:flash_player:7.0.63::linux::::: cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.25:::::::* cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.1:::::::* cpe:2.3:a:adobe:flash_player:7.0_r67::solaris::::: cpe:2.3:a:adobe:flash_player:7.0_r67:::::::* cpe:2.3:a:adobe:flash_player:7.0:::::::* cpe:2.3:a:adobe:flash_player:6.0.79:::::::* cpe:2.3:a:adobe:flash_player:6.0.21.0:::::::* cpe:2.3:a:adobe:flash_player:6:::::::* cpe:2.3:a:adobe:flash_player:5:::::::* cpe:2.3:a:adobe:flash_player:4:::::::* cpe:2.3:a:adobe:flash_player:3:::::::* cpe:2.3:a:adobe:flash_player:2:::::::* cpe:2.3:a:adobe:flash_player:mx_2004:::::::* cpe:2.3:a:adobe:flash_player:cs4::pro::::: cpe:2.3:a:adobe:flash_player:cs3::pro::::: cpe:2.3:a:adobe:flash_player:cs3::professional::::: cpe:2.3:a:adobe:flash_player:::::::: cpe:2.3:a:adobe:flash_player:::basic:::::* cpe:2.3:a:adobe:flash_player:::pro:::::* cpe:2.3:a:adobe:flash_player::::::edge::* cpe:2.3:a:adobe:flash_player::::::internet_explorer_11::* cpe:2.3:a:adobe:flash_player::::::chrome::* cpe:2.3:a:adobe:flash_player:-:::::::*	89
Application	Apache Mod Perl cpe:2.3:a:apache:mod_perl:2:::::::* cpe:2.3:a:apache:mod_perl:1:::::::* cpe:2.3:a:apache:mod_perl::::::::	3
Application	Redhat Satellite cpe:2.3:a:redhat:satellite:5.1:::::::*	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*	3
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*	3
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:4.5:::::::*	1
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:3.0:::::::*	3
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:::::::*	3

OpenVAS Exploits

Date	Description
2010-05-12	Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003 File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-10	Name : SLES9: Security update for mod_perl File : nvt/sles9p5019089.nasl
2009-04-24	Name : Mod_Perl Path_Info Remote Denial Of Service Vulnerability File : nvt/modperl_cve_2007_1349.nasl
2009-04-09	Name : Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl) File : nvt/gb_mandriva_MDKSA_2007_083.nasl
2009-03-23	Name : Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1 File : nvt/gb_ubuntu_USN_488_1.nasl
2009-03-13	Name : Gentoo Security Advisory GLSA 200903-23 (netscape-flash) File : nvt/glsa_200903_23.nasl
2009-02-27	Name : Fedora Update for mod_perl FEDORA-2007-0316 File : nvt/gb_fedora_2007_0316_mod_perl_fc7.nasl
2009-02-27	Name : Fedora Update for mod_perl FEDORA-2007-576 File : nvt/gb_fedora_2007_576_mod_perl_fc5.nasl
2009-02-27	Name : Fedora Update for mod_perl FEDORA-2007-577 File : nvt/gb_fedora_2007_577_mod_perl_fc6.nasl
2009-01-28	Name : SuSE Update for flash-player SUSE-SA:2007:069 File : nvt/gb_suse_2007_069.nasl
2009-01-23	Name : SuSE Update for flash-player SUSE-SA:2008:022 File : nvt/gb_suse_2008_022.nasl
2008-11-12	Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Linux) File : nvt/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl
2008-11-12	Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Win) File : nvt/gb_adobe_flash_player_mult_vuln_nov08_win.nasl
2008-11-01	Name : FreeBSD Ports: linux-flashplugin File : nvt/freebsd_linux-flashplugin4.nasl
2008-10-16	Name : Adobe Flash Player Multiple Security Bypass Vulnerabilities (Win) File : nvt/gb_adobe_flash_player_sec_bypass_vuln_win.nasl
2008-10-16	Name : Adobe Flash Player Multiple Security Bypass Vulnerabilities (Linux) File : nvt/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200705-04 (mod_perl) File : nvt/glsa_200705_04.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200801-07 (netscape-flash) File : nvt/glsa_200801_07.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200804-21 (netscape-flash) File : nvt/glsa_200804_21.nasl
2008-09-04	Name : FreeBSD Ports: linux-flashplugin File : nvt/freebsd_linux-flashplugin2.nasl
2008-09-04	Name : FreeBSD Ports: mod_perl File : nvt/freebsd_mod_perl.nasl
2008-09-03	Name : Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin) File : nvt/flash_player_CB-A08-0059.nasl
2008-09-03	Name : Adobe Flash Player 9.0.115.0 and earlier vulnerability (Win) File : nvt/smbcl_flash_player_CB-A08-0059.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
53097	Adobe Multiple Product ActionScript 2 VM Dictionary Data Structure Character ...
52917	Adobe Flash Player ActionScript 2 VM DefineConstantPool Action Crafted PDF Fi...
51567	Adobe Flash Cross-domain Policy Canonicalization Weakness
51491	Adobe Flash Player ActionScript 2 VM Crafted PDF File Handling Multiple Actio...
50127	Adobe Flash Player Actionscript FileReference download API FileReference.down...
50126	Adobe Flash Player Actionscript FileReference upload API FileReference.browse...
49958	Adobe Flash Player Multiple Unspecified Arbitrary Remote Code Execution
49790	Adobe Flash Player ActionScript Attribute Interpretation Unspecified XSS
49785	Adobe Flash Player Policy File Interpretation Remote Non-root Domain Policy B...
49783	Adobe Flash Player on Mozilla jar: URL Unspecified Information Disclosure
49781	Adobe Flash Player on Windows ActiveX Unspecified Information Disclosure
49780	Adobe Flash Player Unspecified Remote DNS Rebinding Weakness
49753	Adobe Flash Player HTTP Response Header XSS
48944	Adobe Flash Player Access Control Dialog Remote Security Bypass (ClickJacking)
48049	Adobe Flash Player System.setClipboard Method Remote Clipboard Hijack
41487	Adobe Flash Player Cross-domain Policy Unspecified Weakness
41475	Adobe Flash Player ActionScript 3 (AS3) Crafted SWF Arbitrary Host Portscan
34541	mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remot... The mod_perl module for Apache HTTP Server contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the RegistryCooker.pm script not properly escaping the PATH_INFO variable before use in a regular expression. With specially crafted requests, an attacker can exhaust resources and cause the server to stop responding.
34540	mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS The mod_perl module for Apache HTTP Server contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the PerlRun.pm script not properly escaping the PATH_INFO variable before use in a regular expression. With specially crafted requests, an attacker can exhaust resources and cause the server to stop responding.

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0395.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0980.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0945.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0627.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0263.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070614_mod_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0630.nasl - Type : ACT_GATHER_INFO
2010-01-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2010-01-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11496.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0221.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-1126.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_flash-player-081107.nasl - Type : ACT_GATHER_INFO
2009-03-11	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-23.nasl - Type : ACT_GATHER_INFO
2008-12-16	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-008.nasl - Type : ACT_GATHER_INFO
2008-12-16	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_6.nasl - Type : ACT_GATHER_INFO
2008-11-18	Name : The remote Windows host contains a runtime environment that is affected by mu... File : adobe_air_apsb08-23.nasl - Type : ACT_GATHER_INFO
2008-11-12	Name : The remote openSUSE host is missing a security update. File : suse_flash-player-5747.nasl - Type : ACT_GATHER_INFO
2008-11-12	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-5757.nasl - Type : ACT_GATHER_INFO
2008-11-11	Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb08-20.nasl - Type : ACT_GATHER_INFO
2008-10-20	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_78f456fd9c8711dda55e00163e000016.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-21.nasl - Type : ACT_GATHER_INFO
2008-04-17	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-5159.nasl - Type : ACT_GATHER_INFO
2008-04-17	Name : The remote openSUSE host is missing a security update. File : suse_flash-player-5161.nasl - Type : ACT_GATHER_INFO
2008-04-10	Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb08-11.nasl - Type : ACT_GATHER_INFO
2008-01-21	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200801-07.nasl - Type : ACT_GATHER_INFO
2008-01-04	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_562cf6c4b9f111dca302000102cc8983.nasl - Type : ACT_GATHER_INFO
2007-12-24	Name : The remote openSUSE host is missing a security update. File : suse_flash-player-4855.nasl - Type : ACT_GATHER_INFO
2007-12-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-4856.nasl - Type : ACT_GATHER_INFO
2007-12-19	Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb07-20.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-488-1.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-0316.nasl - Type : ACT_GATHER_INFO
2007-06-18	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0486.nasl - Type : ACT_GATHER_INFO
2007-06-18	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0395.nasl - Type : ACT_GATHER_INFO
2007-06-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0395.nasl - Type : ACT_GATHER_INFO
2007-06-12	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-577.nasl - Type : ACT_GATHER_INFO
2007-06-12	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-576.nasl - Type : ACT_GATHER_INFO
2007-05-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-04.nasl - Type : ACT_GATHER_INFO
2007-04-30	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ef2ffb03f2b011dbad250010b5a0a860.nasl - Type : ACT_GATHER_INFO
2007-04-12	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-083.nasl - Type : ACT_GATHER_INFO
2006-07-18	Name : The remote host is missing Sun Security Patch number 122911-37 File : solaris10_122911.nasl - Type : ACT_GATHER_INFO
2006-07-18	Name : The remote host is missing Sun Security Patch number 122912-37 File : solaris10_x86_122912.nasl - Type : ACT_GATHER_INFO
2004-10-17	Name : The remote host is missing Sun Security Patch number 116973-07 File : solaris8_116973.nasl - Type : ACT_GATHER_INFO
2004-10-17	Name : The remote host is missing Sun Security Patch number 116974-07 File : solaris8_x86_116974.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 113146-13 File : solaris9_113146.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 114145-12 File : solaris9_x86_114145.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	13
Oval ID(s)	8
CPE ID(s)	110
osvdb(s)	19
Openvas Exploit(s)	24
Nessus® Exploit(s)	47

	Related
10	CVE-2008-4401
9.3	CVE-2008-4824
9.3	CVE-2007-6243
7.1	CVE-2008-4820
6.8	CVE-2008-4822
6.8	CVE-2008-4819
6.8	CVE-2008-4503
5	CVE-2007-4324
5	CVE-2007-1349
4.3	CVE-2008-5363
4.3	CVE-2008-5362
4.3	CVE-2008-5361
4.3	CVE-2008-4823
4.3	CVE-2008-4821
4.3	CVE-2008-4818
4.3	CVE-2008-3873
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 16 more Alert(s)