Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary | |
---|---|
Title | Sun Alert 261688 A Security Vulnerability in OpenSSO Enterprise and Sun Java System Access Manager May Cause Denial of Service (DoS) |
Informations | |||
---|---|---|---|
Name | SUN-261688 | First vendor Publication | 2009-08-05 |
Vendor | Sun | Last vendor Modification | 2009-08-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: OpenSSO Enterprise 8.0 Sun Java System Access Manager 7.1 Sun Java System Access Manager 7 2005Q4 Sun Java System Access Manager 6 2005Q1 A security vulnerability in OpenSSO Enterprise 8.0 or Sun Java System Access Manager may allow a local or remote user to hang or cause memory corruption in the server process by sending specially crafted XML documents, resulting in a Denial of Service (DOS). This issue is related to the vulnerabilities described in the following documents: CVE-2008-3529 http://www.security-database.com/detail.php?cve=CVE-2008-3529 CVE-2008-4225 http://www.security-database.com/detail.php?cve=CVE-2008-4225 CVE-2008-4226 http://www.security-database.com/detail.php?cve=CVE-2008-4226 State: Resolved First released: 05-Aug-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_261688_a_security |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10025 | |||
Oval ID: | oval:org.mitre.oval:def:10025 | ||
Title: | Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. | ||
Description: | Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4225 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11760 | |||
Oval ID: | oval:org.mitre.oval:def:11760 | ||
Title: | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||
Description: | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3529 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13882 | |||
Oval ID: | oval:org.mitre.oval:def:13882 | ||
Title: | USN-815-1 -- libxml2 vulnerabilities | ||
Description: | It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. USN-644-1 fixed a vulnerability in libxml2. This advisory provides the corresponding update for Ubuntu 9.04. Original advisory details: It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-815-1 CVE-2009-2414 CVE-2009-2416 CVE-2008-3529 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17828 | |||
Oval ID: | oval:org.mitre.oval:def:17828 | ||
Title: | USN-673-1 -- libxml2 vulnerabilities | ||
Description: | Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-673-1 CVE-2008-4225 CVE-2008-4226 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18412 | |||
Oval ID: | oval:org.mitre.oval:def:18412 | ||
Title: | DSA-1666-1 libxml2 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the GNOME XML library. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1666-1 CVE-2008-4225 CVE-2008-4226 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18505 | |||
Oval ID: | oval:org.mitre.oval:def:18505 | ||
Title: | DSA-1654-1 libxml2 - execution of arbitrary code | ||
Description: | It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1654-1 CVE-2008-3529 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21739 | |||
Oval ID: | oval:org.mitre.oval:def:21739 | ||
Title: | ELSA-2008:0884: libxml2 security update (Important) | ||
Description: | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0884-01 CVE-2008-3529 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | libxml2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22735 | |||
Oval ID: | oval:org.mitre.oval:def:22735 | ||
Title: | ELSA-2008:0988: libxml2 security update (Important) | ||
Description: | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0988-01 CVE-2008-4225 CVE-2008-4226 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | libxml2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29030 | |||
Oval ID: | oval:org.mitre.oval:def:29030 | ||
Title: | RHSA-2008:0884 -- libxml2 security update (Important) | ||
Description: | Updated libxml2 packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files. A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-3529) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0884 CESA-2008:0884-CentOS 3 CESA-2008:0884-CentOS 5 CVE-2008-3529 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29306 | |||
Oval ID: | oval:org.mitre.oval:def:29306 | ||
Title: | RHSA-2008:0988 -- libxml2 security update (Important) | ||
Description: | Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0988 CESA-2008:0988-CentOS 5 CESA-2008:0988-CentOS 3 CESA-2008:0988-CentOS 2 CVE-2008-4225 CVE-2008-4226 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 3 CentOS Linux 2 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6103 | |||
Oval ID: | oval:org.mitre.oval:def:6103 | ||
Title: | Libxml2 Heap Overflow in xmlParseAttValueComplex() Lets Remote Users Execute Arbitrary Code | ||
Description: | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3529 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6219 | |||
Oval ID: | oval:org.mitre.oval:def:6219 | ||
Title: | Security Vulnerabilities in the libxml2 Library Routines xmlSAX2Characters() May Lead to Arbitrary Code Execution or Denial of Service (DoS) | ||
Description: | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4226 | Version: | 1 |
Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6234 | |||
Oval ID: | oval:org.mitre.oval:def:6234 | ||
Title: | Security Vulnerabilities in the libxml2 Library Routines xmlBufferResize() May Lead to Denial of Service (DoS) | ||
Description: | Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4225 | Version: | 1 |
Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6360 | |||
Oval ID: | oval:org.mitre.oval:def:6360 | ||
Title: | Libxml2 Integer Overflow in xmlSAX2Characters() May Let Remote Users Execute Arbitrary Code | ||
Description: | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4226 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6415 | |||
Oval ID: | oval:org.mitre.oval:def:6415 | ||
Title: | Libxml2 Integer Overflow in xmlBufferResize() Lets Remote Users Deny Service | ||
Description: | Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4225 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7803 | |||
Oval ID: | oval:org.mitre.oval:def:7803 | ||
Title: | DSA-1666 libxml2 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the GNOME XML library. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that missing input sanitising in the xmlBufferResize() function may lead to an infinite loop, resulting in denial of service. Drew Yao discovered that an integer overflow in the xmlSAX2Characters() function may lead to denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1666 CVE-2008-4225 CVE-2008-4226 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8076 | |||
Oval ID: | oval:org.mitre.oval:def:8076 | ||
Title: | DSA-1654 libxml2 -- buffer overflow | ||
Description: | It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1654 CVE-2008-3529 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9888 | |||
Oval ID: | oval:org.mitre.oval:def:9888 | ||
Title: | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | ||
Description: | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4226 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-05-26 | Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114014-24 File : nvt/gb_solaris_114014_24.nasl |
2009-10-13 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114015-24 File : nvt/gb_solaris_114015_24.nasl |
2009-10-13 | Name : Solaris Update for XML and XSLT libraries 125731-05 File : nvt/gb_solaris_125731_05.nasl |
2009-10-13 | Name : Solaris Update for XML and XSLT libraries 125732-05 File : nvt/gb_solaris_125732_05.nasl |
2009-10-13 | Name : SLES10: Security update for libxml2 File : nvt/sles10_libxml2.nasl |
2009-10-13 | Name : SLES10: Security update for libxml2 File : nvt/sles10_libxml21.nasl |
2009-10-13 | Name : SLES10: Security update for libxml2 File : nvt/sles10_libxml23.nasl |
2009-10-10 | Name : SLES9: Security update for libxml2 File : nvt/sles9p5035440.nasl |
2009-10-10 | Name : SLES9: Security update for libxml2 File : nvt/sles9p5038083.nasl |
2009-10-10 | Name : SLES9: Security update for libxml2 File : nvt/sles9p5040640.nasl |
2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8491 (libxml2) File : nvt/fcore_2009_8491.nasl |
2009-08-17 | Name : Ubuntu USN-815-1 (libxml2) File : nvt/ubuntu_815_1.nasl |
2009-06-03 | Name : Solaris Update for XML and XSLT libraries 125732-04 File : nvt/gb_solaris_125732_04.nasl |
2009-06-03 | Name : Solaris Update for XML and XSLT libraries 125731-04 File : nvt/gb_solaris_125731_04.nasl |
2009-06-03 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114015-22 File : nvt/gb_solaris_114015_22.nasl |
2009-06-03 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114014-22 File : nvt/gb_solaris_114014_22.nasl |
2009-04-09 | Name : Mandriva Update for libxml2 MDVSA-2008:192 (libxml2) File : nvt/gb_mandriva_MDVSA_2008_192.nasl |
2009-04-09 | Name : Mandriva Update for libxml2 MDVSA-2008:231 (libxml2) File : nvt/gb_mandriva_MDVSA_2008_231.nasl |
2009-03-23 | Name : Ubuntu Update for libxml2 vulnerabilities USN-644-1 File : nvt/gb_ubuntu_USN_644_1.nasl |
2009-03-23 | Name : Ubuntu Update for libxml2 vulnerabilities USN-673-1 File : nvt/gb_ubuntu_USN_673_1.nasl |
2009-03-06 | Name : RedHat Update for libxml2 RHSA-2008:0988-01 File : nvt/gb_RHSA-2008_0988-01_libxml2.nasl |
2009-03-06 | Name : RedHat Update for libxml2 RHSA-2008:0886-01 File : nvt/gb_RHSA-2008_0886-01_libxml2.nasl |
2009-03-06 | Name : RedHat Update for libxml2 RHSA-2008:0884-01 File : nvt/gb_RHSA-2008_0884-01_libxml2.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0884 centos3 i386 File : nvt/gb_CESA-2008_0884_libxml2_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0884 centos3 x86_64 File : nvt/gb_CESA-2008_0884_libxml2_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0886-01 centos2 i386 File : nvt/gb_CESA-2008_0886-01_libxml2_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0988 centos4 x86_64 File : nvt/gb_CESA-2008_0988_libxml2_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0988 centos4 i386 File : nvt/gb_CESA-2008_0988_libxml2_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0988 centos3 x86_64 File : nvt/gb_CESA-2008_0988_libxml2_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0988-01 centos2 i386 File : nvt/gb_CESA-2008_0988-01_libxml2_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0988 centos3 i386 File : nvt/gb_CESA-2008_0988_libxml2_centos3_i386.nasl |
2009-02-17 | Name : Fedora Update for libxml2 FEDORA-2008-9773 File : nvt/gb_fedora_2008_9773_libxml2_fc9.nasl |
2009-02-17 | Name : Fedora Update for libxml2 FEDORA-2008-9729 File : nvt/gb_fedora_2008_9729_libxml2_fc8.nasl |
2009-02-16 | Name : Fedora Update for libxml2 FEDORA-2008-10000 File : nvt/gb_fedora_2008_10000_libxml2_fc10.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1) File : nvt/suse_sr_2009_001.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0) File : nvt/suse_sr_2009_001a.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3) File : nvt/suse_sr_2009_001b.nasl |
2008-12-03 | Name : Gentoo Security Advisory GLSA 200812-06 (libxml2) File : nvt/glsa_200812_06.nasl |
2008-11-24 | Name : FreeBSD Ports: libxml2 File : nvt/freebsd_libxml21.nasl |
2008-11-24 | Name : Debian Security Advisory DSA 1666-1 (libxml2) File : nvt/deb_1666_1.nasl |
2008-11-01 | Name : Debian Security Advisory DSA 1654-1 (libxml2) File : nvt/deb_1654_1.nasl |
2008-11-01 | Name : FreeBSD Ports: libxml2 File : nvt/freebsd_libxml20.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-324-01 libxml2 File : nvt/esoft_slk_ssa_2008_324_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
49993 | libxml2 xmlSAX2Characters() Function XML File Parsing Overflow |
49992 | libxml2 xmlBufferResize() Function XML File Parsing DoS |
48158 | libxml2 parser.c xmlParseAttValueComplex Function XML Entity Name Handling DoS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-02-05 | IAVM : 2009-B-0006 - Multiple Vulnerabilities in VMware Severity : Category I - VMSKEY : V0018295 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | libxml2 file processing long entity overflow attempt RuleID : 15866 - Revision : 16 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0018.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0988.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0884.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote host is missing Sun Security Patch number 123922-11 File : solaris9_x86_123922.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote host is missing Sun Security Patch number 123924-11 File : solaris10_x86_123924.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote host is missing Sun Security Patch number 127681-07 File : solaris9_127681.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote host is missing Sun Security Patch number 127682-07 File : solaris9_x86_127682.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote host is missing Sun Security Patch number 127680-07 File : solaris8_127680.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10038.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081117_libxml2_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080911_libxml2_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote web server has multiple vulnerabilities. File : hpsmh_6_0_0_95.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12237.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12286.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12301.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-5755.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-815-1.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0017.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0001.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxml2-080905.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxml2-081107.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_3_2_3.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 120954-12 File : solaris8_120954.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 123923-12 File : solaris10_123923.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-644-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 123920-12 File : solaris8_123920.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 120954-12 File : solaris9_120954.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 123921-12 File : solaris9_123921.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 120955-12 File : solaris9_x86_120955.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 120955-12 File : solaris10_x86_120955.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-673-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 120954-12 File : solaris10_120954.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-231.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-192.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0988.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-5802.nasl - Type : ACT_GATHER_INFO |
2008-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-06.nasl - Type : ACT_GATHER_INFO |
2008-12-01 | Name : The remote openSUSE host is missing a security update. File : suse_libxml2-5799.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-324-01.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote openSUSE host is missing a security update. File : suse_libxml2-5754.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9729.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9773.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f1e0164eb67b11dda55e00163e000016.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-5756.nasl - Type : ACT_GATHER_INFO |
2008-11-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1666.nasl - Type : ACT_GATHER_INFO |
2008-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0988.nasl - Type : ACT_GATHER_INFO |
2008-10-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d71da2369a9411dd8f42001c2514716c.nasl - Type : ACT_GATHER_INFO |
2008-10-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1654.nasl - Type : ACT_GATHER_INFO |
2008-09-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-5583.nasl - Type : ACT_GATHER_INFO |
2008-09-15 | Name : The remote openSUSE host is missing a security update. File : suse_libxml2-5586.nasl - Type : ACT_GATHER_INFO |
2008-09-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0884.nasl - Type : ACT_GATHER_INFO |
2008-09-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0886.nasl - Type : ACT_GATHER_INFO |
2008-09-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0884.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote host is missing Sun Security Patch number 125732-13 File : solaris10_x86_125732.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote host is missing Sun Security Patch number 125731-13 File : solaris10_125731.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote host is missing Sun Security Patch number 119467-17 File : solaris10_x86_119467.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote host is missing Sun Security Patch number 123919-12 File : solaris7_123919.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119467-17 File : solaris9_x86_119467.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114015-28 File : solaris9_x86_114015.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114014-28 File : solaris9_114014.nasl - Type : ACT_GATHER_INFO |