Executive Summary

Summary
Title Hash table implementations vulnerable to algorithmic complexity attacks
Informations
Name VU#903934 First vendor Publication 2011-12-28
Vendor VU-CERT Last vendor Modification 2011-12-30
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#903934

Hash table implementations vulnerable to algorithmic complexity attacks

Overview

Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition.

I. Description

Many applications, including common web framework implementations, use hash tables to map key values to associated entries. If the hash table contains entries for different keys that map to the same hash value, a hash collision occurs and additional processing is required to determine which entry is appropriate for the key. If an attacker can generate many requests containing colliding key values, an application performing the hash table lookup may enter a denial of service condition.

Hash collision denial-of-service attacks were first detailed in 2003, but recent research details how these attacks apply to modern language hash table implementations.

II. Impact

An application can be forced into a denial-of-service condition. In the case of some web application servers, specially-crafted POST form data may result in a denial-of-service.

III. Solution

Apply an update

Please review the Vendor Information section of this document for vendor-specific patch and workaround details.

Limit CPU time

Limiting the processing time for a single request can help minimize the impact of malicious requests.

Limit maximum POST size

Limiting the maximum POST request size can reduce the number of possible predictable collisions, thus reducing the impact of an attack.

Limit maximum request parameters

Some servers offer the option to limit the number of parameters per request, which can also minimize impact.

Vendor Information

VendorStatusDate NotifiedDate Updated
AdobeUnknown2011-11-012011-11-01
Apache TomcatAffected2011-12-28
IBM CorporationUnknown2011-11-012011-11-01
Microsoft CorporationAffected2011-11-012011-12-29
Oracle CorporationUnknown2011-11-012011-11-01
RubyAffected2011-11-012011-12-28
The PHP GroupAffected2011-12-28

References

http://www.ocert.org/advisories/ocert-2011-003.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx

Credit

Thanks to Alexander Klink and Julian Wälde for reporting these vulnerabilities.

This document was written by Jared Allar and David Warren.

Other Information

Date Public:2011-12-28
Date First Published:2011-12-28
Date Last Updated:2011-12-30
CERT Advisory: 
CVE-ID(s):CVE-2011-4815CVE-2011-3414CVE-2011-4838CVE-2011-4885
NVD-ID(s):CVE-2011-4815CVE-2011-3414CVE-2011-4838CVE-2011-4885
US-CERT Technical Alerts: 
Severity Metric:10.80
Document Revision:34


This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

Url : http://www.kb.cert.org/vuls/id/903934

CWE : Common Weakness Enumeration

% Id Name
58 % CWE-20 Improper Input Validation
25 % CWE-310 Cryptographic Issues
17 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14588
 
Oval ID: oval:org.mitre.oval:def:14588
Title: Collisions in HashTable May Cause DoS Vulnerability
Description: The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3414
Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15163
 
Oval ID: oval:org.mitre.oval:def:15163
Title: USN-1377-1 -- Ruby vulnerabilities
Description: ruby1.8: Interpreter of object-oriented scripting language Ruby 1.8 Several security issues were fixed in ruby1.8.
Family: unix Class: patch
Reference(s): USN-1377-1
CVE-2010-0541
CVE-2011-0188
CVE-2011-1004
CVE-2011-1005
CVE-2011-2686
CVE-2011-2705
CVE-2011-4815
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 10.10
Product(s): Ruby
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16908
 
Oval ID: oval:org.mitre.oval:def:16908
Title: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server
Description: Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Family: windows Class: vulnerability
Reference(s): CVE-2011-5035
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Oracle WebLogic Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17912
 
Oval ID: oval:org.mitre.oval:def:17912
Title: USN-1429-1 -- jetty vulnerability
Description: Jetty could be made to hang or crash if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1429-1
CVE-2011-4461
Version: 7
Platform(s): Ubuntu 11.04
Ubuntu 10.04
Product(s): jetty
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18886
 
Oval ID: oval:org.mitre.oval:def:18886
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: vulnerability
Reference(s): CVE-2011-4858
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19408
 
Oval ID: oval:org.mitre.oval:def:19408
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Family: unix Class: vulnerability
Reference(s): CVE-2011-5035
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19791
 
Oval ID: oval:org.mitre.oval:def:19791
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: vulnerability
Reference(s): CVE-2011-4885
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21207
 
Oval ID: oval:org.mitre.oval:def:21207
Title: RHSA-2012:0069: ruby security update (Moderate)
Description: Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family: unix Class: patch
Reference(s): RHSA-2012:0069-01
CESA-2012:0069
CVE-2011-4815
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): ruby
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21332
 
Oval ID: oval:org.mitre.oval:def:21332
Title: RHSA-2012:0070: ruby security update (Moderate)
Description: Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family: unix Class: patch
Reference(s): RHSA-2012:0070-01
CESA-2012:0070
CVE-2011-3009
CVE-2011-4815
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): ruby
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21336
 
Oval ID: oval:org.mitre.oval:def:21336
Title: RHSA-2012:0019: php53 and php security update (Moderate)
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: patch
Reference(s): RHSA-2012:0019-01
CESA-2012:0019
CVE-2011-4566
CVE-2011-4885
Version: 29
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21346
 
Oval ID: oval:org.mitre.oval:def:21346
Title: RHSA-2012:0033: php security update (Moderate)
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: patch
Reference(s): RHSA-2012:0033-01
CESA-2012:0033
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1469
CVE-2011-2202
CVE-2011-4566
CVE-2011-4885
Version: 94
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23205
 
Oval ID: oval:org.mitre.oval:def:23205
Title: DEPRECATED: ELSA-2012:0019: php53 and php security update (Moderate)
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: patch
Reference(s): ELSA-2012:0019-01
CVE-2011-4566
CVE-2011-4885
Version: 14
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23207
 
Oval ID: oval:org.mitre.oval:def:23207
Title: ELSA-2012:0033: php security update (Moderate)
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: patch
Reference(s): ELSA-2012:0033-01
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1469
CVE-2011-2202
CVE-2011-4566
CVE-2011-4885
Version: 33
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23372
 
Oval ID: oval:org.mitre.oval:def:23372
Title: ELSA-2012:0069: ruby security update (Moderate)
Description: Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family: unix Class: patch
Reference(s): ELSA-2012:0069-01
CVE-2011-4815
Version: 6
Platform(s): Oracle Linux 6
Product(s): ruby
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23425
 
Oval ID: oval:org.mitre.oval:def:23425
Title: ELSA-2012:0070: ruby security update (Moderate)
Description: Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family: unix Class: patch
Reference(s): ELSA-2012:0070-01
CVE-2011-3009
CVE-2011-4815
Version: 13
Platform(s): Oracle Linux 5
Product(s): ruby
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23589
 
Oval ID: oval:org.mitre.oval:def:23589
Title: ELSA-2012:0019: php53 and php security update (Moderate)
Description: PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: patch
Reference(s): ELSA-2012:0019-01
CVE-2011-4566
CVE-2011-4885
Version: 13
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27760
 
Oval ID: oval:org.mitre.oval:def:27760
Title: DEPRECATED: ELSA-2012-0019 -- php53 and php security update (moderate)
Description: [5.3.3-3.5] - remove extra php.ini-prod/devel files caused by %patch -b [5.3.3-3.4] - add security fixes for CVE-2011-4885, CVE-2011-4566 (#769754)
Family: unix Class: patch
Reference(s): ELSA-2012-0019
CVE-2011-4566
CVE-2011-4885
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27769
 
Oval ID: oval:org.mitre.oval:def:27769
Title: DEPRECATED: ELSA-2012-0069 -- ruby security update (moderate)
Description: [1.8.7.352-4] - Address CVE-2011-4815 'DoS (excessive CPU use) via hash meet-in-the-middle attacks (oCERT-2011-003)' * ruby-1.8.7-p352-CVE-2011-4815.patch - Resolves: rhbz#768831
Family: unix Class: patch
Reference(s): ELSA-2012-0069
CVE-2011-4815
Version: 4
Platform(s): Oracle Linux 6
Product(s): ruby
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 19
Application 59
Application 1
Application 56
Application 340
Application 10
Application 70
Application 68
Application 4
Application 1
Application 379
Application 68
Application 21
Application 864
Os 3
Os 1
Os 7
Os 2
Os 2

ExploitDB Exploits

id Description
2012-01-03 PHP Hash Table Collision Proof Of Concept
2012-01-01 PHP Hashtables Denial of Service

OpenVAS Exploits

Date Description
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0426-1 (update)
File : nvt/gb_suse_2012_0426_1.nasl
2012-12-04 Name : Oracle Java SE Hash Collision DoS Vulnerability (Windows)
File : nvt/gb_oracle_java_se_hash_collision_dos_vuln_win.nasl
2012-10-19 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351
File : nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl
2012-10-19 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351
File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl
2012-10-16 Name : Fedora Update for ruby FEDORA-2012-15507
File : nvt/gb_fedora_2012_15507_ruby_fc16.nasl
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-03 (php)
File : nvt/glsa_201209_03.nasl
2012-09-22 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127
File : nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl
2012-09-04 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-13138
File : nvt/gb_fedora_2012_13138_java-1.7.0-openjdk_fc16.nasl
2012-08-30 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-2595
File : nvt/gb_fedora_2012_2595_java-1.7.0-openjdk_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201207-06 (jruby)
File : nvt/glsa_201207_06.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
File : nvt/glsa_201206_24.nasl
2012-08-03 Name : Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2012_085.nasl
2012-08-03 Name : Mandriva Update for php MDVSA-2012:065 (php)
File : nvt/gb_mandriva_MDVSA_2012_065.nasl
2012-08-02 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0309-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_0309_1.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:0093 centos5
File : nvt/gb_CESA-2012_0093_php_centos5.nasl
2012-07-30 Name : CentOS Update for tomcat6 CESA-2012:0475 centos6
File : nvt/gb_CESA-2012_0475_tomcat6_centos6.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2012:0474 centos5
File : nvt/gb_CESA-2012_0474_tomcat5_centos5.nasl
2012-07-30 Name : CentOS Update for java CESA-2012:0135 centos6
File : nvt/gb_CESA-2012_0135_java_centos6.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:0093 centos6
File : nvt/gb_CESA-2012_0093_php_centos6.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:0093 centos4
File : nvt/gb_CESA-2012_0093_php_centos4.nasl
2012-07-30 Name : CentOS Update for php53 CESA-2012:0092 centos5
File : nvt/gb_CESA-2012_0092_php53_centos5.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:0071 centos4
File : nvt/gb_CESA-2012_0071_php_centos4.nasl
2012-07-30 Name : CentOS Update for ruby CESA-2012:0070 centos5
File : nvt/gb_CESA-2012_0070_ruby_centos5.nasl
2012-07-30 Name : CentOS Update for irb CESA-2012:0070 centos4
File : nvt/gb_CESA-2012_0070_irb_centos4.nasl
2012-07-30 Name : CentOS Update for ruby CESA-2012:0069 centos6
File : nvt/gb_CESA-2012_0069_ruby_centos6.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:0033 centos5
File : nvt/gb_CESA-2012_0033_php_centos5.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:0019 centos6
File : nvt/gb_CESA-2012_0019_php_centos6.nasl
2012-07-30 Name : CentOS Update for php53 CESA-2012:0019 centos5
File : nvt/gb_CESA-2012_0019_php53_centos5.nasl
2012-07-09 Name : RedHat Update for ruby RHSA-2012:0069-01
File : nvt/gb_RHSA-2012_0069-01_ruby.nasl
2012-07-09 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0135-01
File : nvt/gb_RHSA-2012_0135-01_java-1.6.0-openjdk.nasl
2012-07-09 Name : RedHat Update for tomcat6 RHSA-2012:0475-01
File : nvt/gb_RHSA-2012_0475-01_tomcat6.nasl
2012-06-19 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545
File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl
2012-06-19 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593
File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl
2012-06-14 Name : PHP versoin < 5.3.9
File : nvt/nopsec_php_5_3_9.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-04-30 Name : Ubuntu Update for jetty USN-1429-1
File : nvt/gb_ubuntu_USN_1429_1.nasl
2012-04-13 Name : RedHat Update for tomcat5 RHSA-2012:0474-01
File : nvt/gb_RHSA-2012_0474-01_tomcat5.nasl
2012-04-09 Name : Java Runtime Environment Multiple Vulnerabilities (MAC OS X)
File : nvt/gb_jre_mult_vuln_macosx.nasl
2012-04-02 Name : Fedora Update for ruby FEDORA-2011-17542
File : nvt/gb_fedora_2011_17542_ruby_fc16.nasl
2012-04-02 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1711
File : nvt/gb_fedora_2012_1711_java-1.6.0-openjdk_fc16.nasl
2012-04-02 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-1690
File : nvt/gb_fedora_2012_1690_java-1.7.0-openjdk_fc16.nasl
2012-04-02 Name : Fedora Update for php FEDORA-2012-1262
File : nvt/gb_fedora_2012_1262_php_fc16.nasl
2012-04-02 Name : Fedora Update for maniadrive FEDORA-2012-1262
File : nvt/gb_fedora_2012_1262_maniadrive_fc16.nasl
2012-04-02 Name : Fedora Update for maniadrive FEDORA-2012-0504
File : nvt/gb_fedora_2012_0504_maniadrive_fc16.nasl
2012-04-02 Name : Fedora Update for php FEDORA-2012-0504
File : nvt/gb_fedora_2012_0504_php_fc16.nasl
2012-03-26 Name : Fedora Update for jetty FEDORA-2012-0730
File : nvt/gb_fedora_2012_0730_jetty_fc16.nasl
2012-03-26 Name : Fedora Update for jetty FEDORA-2012-0752
File : nvt/gb_fedora_2012_0752_jetty_fc15.nasl
2012-03-19 Name : Fedora Update for php-eaccelerator FEDORA-2012-0504
File : nvt/gb_fedora_2012_0504_php-eaccelerator_fc16.nasl
2012-03-19 Name : Fedora Update for php-eaccelerator FEDORA-2012-1262
File : nvt/gb_fedora_2012_1262_php-eaccelerator_fc16.nasl
2012-03-19 Name : Fedora Update for rubygem-rack FEDORA-2012-0166
File : nvt/gb_fedora_2012_0166_rubygem-rack_fc16.nasl
2012-03-12 Name : Debian Security Advisory DSA 2420-1 (openjdk-6)
File : nvt/deb_2420_1.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201203-05 (rack)
File : nvt/glsa_201203_05.nasl
2012-03-09 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1721
File : nvt/gb_fedora_2012_1721_java-1.6.0-openjdk_fc15.nasl
2012-03-09 Name : Ubuntu Update for openjdk-6 USN-1373-1
File : nvt/gb_ubuntu_USN_1373_1.nasl
2012-03-07 Name : Ubuntu Update for openjdk-6b18 USN-1373-2
File : nvt/gb_ubuntu_USN_1373_2.nasl
2012-03-07 Name : Ubuntu Update for ruby1.8 USN-1377-1
File : nvt/gb_ubuntu_USN_1377_1.nasl
2012-03-07 Name : Mandriva Update for ruby MDVSA-2012:024 (ruby)
File : nvt/gb_mandriva_MDVSA_2012_024.nasl
2012-02-27 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0322-01
File : nvt/gb_RHSA-2012_0322-01_java-1.6.0-openjdk.nasl
2012-02-21 Name : Fedora Update for php FEDORA-2012-1301
File : nvt/gb_fedora_2012_1301_php_fc15.nasl
2012-02-21 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:021 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2012_021.nasl
2012-02-21 Name : Ubuntu Update for tomcat6 USN-1359-1
File : nvt/gb_ubuntu_USN_1359_1.nasl
2012-02-21 Name : Fedora Update for php-eaccelerator FEDORA-2012-1301
File : nvt/gb_fedora_2012_1301_php-eaccelerator_fc15.nasl
2012-02-21 Name : Fedora Update for maniadrive FEDORA-2012-1301
File : nvt/gb_fedora_2012_1301_maniadrive_fc15.nasl
2012-02-21 Name : Ubuntu Update for php5 USN-1358-2
File : nvt/gb_ubuntu_USN_1358_2.nasl
2012-02-13 Name : Ubuntu Update for php5 USN-1358-1
File : nvt/gb_ubuntu_USN_1358_1.nasl
2012-02-12 Name : Debian Security Advisory DSA 2399-2 (php5)
File : nvt/deb_2399_2.nasl
2012-02-12 Name : Debian Security Advisory DSA 2399-1 (php5)
File : nvt/deb_2399_1.nasl
2012-02-12 Name : FreeBSD Ports: jruby
File : nvt/freebsd_jruby.nasl
2012-02-12 Name : FreeBSD Ports: php5
File : nvt/freebsd_php514.nasl
2012-02-12 Name : FreeBSD Ports: php5, php5-exif
File : nvt/freebsd_php515.nasl
2012-02-12 Name : FreeBSD Ports: tomcat
File : nvt/freebsd_tomcat0.nasl
2012-02-12 Name : Debian Security Advisory DSA 2401-1 (tomcat6)
File : nvt/deb_2401_1.nasl
2012-02-03 Name : RedHat Update for php RHSA-2012:0093-01
File : nvt/gb_RHSA-2012_0093-01_php.nasl
2012-02-03 Name : RedHat Update for php53 RHSA-2012:0092-01
File : nvt/gb_RHSA-2012_0092-01_php53.nasl
2012-02-01 Name : RedHat Update for php RHSA-2012:0071-01
File : nvt/gb_RHSA-2012_0071-01_php.nasl
2012-02-01 Name : RedHat Update for ruby RHSA-2012:0070-01
File : nvt/gb_RHSA-2012_0070-01_ruby.nasl
2012-02-01 Name : Fedora Update for maniadrive FEDORA-2012-0420
File : nvt/gb_fedora_2012_0420_maniadrive_fc15.nasl
2012-02-01 Name : Fedora Update for php-eaccelerator FEDORA-2012-0420
File : nvt/gb_fedora_2012_0420_php-eaccelerator_fc15.nasl
2012-02-01 Name : Fedora Update for php FEDORA-2012-0420
File : nvt/gb_fedora_2012_0420_php_fc15.nasl
2012-01-20 Name : Fedora Update for rubygem-rack FEDORA-2012-0233
File : nvt/gb_fedora_2012_0233_rubygem-rack_fc15.nasl
2012-01-20 Name : RedHat Update for php RHSA-2012:0033-01
File : nvt/gb_RHSA-2012_0033-01_php.nasl
2012-01-13 Name : Fedora Update for ruby FEDORA-2011-17551
File : nvt/gb_fedora_2011_17551_ruby_fc15.nasl
2012-01-13 Name : RedHat Update for php53 and php RHSA-2012:0019-01
File : nvt/gb_RHSA-2012_0019-01_php53_and_php.nasl
2012-01-12 Name : Apache Tomcat Hash Collision Denial Of Service Vulnerability
File : nvt/gb_apache_tomcat_hash_collision_dos_vuln_win.nasl
2012-01-05 Name : Oracle GlassFish Server Hash Collision Denial of Service Vulnerability
File : nvt/gb_glassfish_hash_collision_dos_vuln.nasl
2012-01-03 Name : PHP Web Form Hash Collision Denial of Service Vulnerability (Win)
File : nvt/gb_php_web_form_hash_collision_dos_vuln_win.nasl
2012-01-02 Name : Mandriva Update for php MDVSA-2011:197 (php)
File : nvt/gb_mandriva_MDVSA_2011_197.nasl
2011-12-30 Name : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
File : nvt/secpod_ms11-100.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78483 Hitachi Cosminexus Multiple Product Hash Collission Form Parameter Parsing Re...

Multiple Hitachi Cosminexus products contain a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78121 Rack Hash Collission Form Parameter Parsing Remote DoS

Rack contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78120 Plone Hash Collission Form Parameter Parsing Remote DoS

Plone contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78118 Ruby Hash Collission Form Parameter Parsing Remote DoS

Ruby contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78117 Jetty Hash Collission Form Parameter Parsing Remote DoS

Jetty contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78116 JRuby Hash Collission Form Parameter Parsing Remote DoS

JRuby contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78115 PHP Hash Collission Form Parameter Parsing Remote DoS

PHP contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78114 Oracle GlassFish Server Hash Collission Form Parameter Parsing Remote DoS

Oracle GlassFish Server contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78113 Apache Tomcat Hash Collission Form Parameter Parsing Remote DoS

Apache Tomcat contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78112 Apache Geronimo Hash Collission Form Parameter Parsing Remote DoS

Apache Geronimo contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78111 Google V8 Hash Collission Form Parameter Parsing Remote DoS

Google V8 contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78057 Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-09-13 IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity : Category I - VMSKEY : V0033793
2012-09-13 IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794
2012-01-05 IAVM : 2012-A-0001 - Multiple Vulnerabilities in Microsoft .NET Framework
Severity : Category I - VMSKEY : V0030927

Snort® IPS/IDS

Date Description
2014-01-10 generic web server hashing collision attack
RuleID : 20825 - Revision : 11 - Type : SERVER-WEBAPP
2014-01-10 generic web server hashing collision attack
RuleID : 20824 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 generic web server hashing collision attack
RuleID : 20823 - Revision : 4 - Type : DOS

Nessus® Vulnerability Scanner

Date Description
2015-07-02 Name : The remote Debian host is missing a security update.
File : debian_DLA-263.nasl - Type : ACT_GATHER_INFO
2015-04-30 Name : The remote Debian host is missing a security update.
File : debian_DLA-209.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-88.nasl - Type : ACT_GATHER_INFO
2015-01-26 Name : The remote host has an enterprise management application installed that is af...
File : oracle_enterprise_manager_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_ruby_20120417.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20120405.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-27.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0680.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0682.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL13588.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_jrockit_cpu_apr_2012.nasl - Type : ACT_GATHER_INFO
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-107.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-128.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-129.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-136.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-182.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-120109.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_java-1_6_0-openjdk-120222.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_jetty5-120215.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_ruby-120117.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-120109.nasl - Type : ACT_GATHER_INFO
2014-01-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2013-10-22 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2783.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-35.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-37.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-41.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-43.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0019.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0033.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0069.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0070.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0071.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0092.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0093.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0135.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0322.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0474.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0475.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0071.nasl - Type : ACT_GATHER_INFO
2013-06-05 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_feb_2012_unix.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-120427.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0074.nasl - Type : ACT_GATHER_INFO
2012-09-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-03.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120111_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120118_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120130_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120130_ruby_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120130_ruby_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120202_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120202_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120214_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120216_java_1_6_0_sun_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120221_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120411_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120411_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO
2012-07-17 Name : The remote device has a denial of service vulnerability.
File : juniper_psn-2012-07-650.nasl - Type : ACT_GATHER_INFO
2012-07-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201207-06.nasl - Type : ACT_GATHER_INFO
2012-07-05 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_1_1_1.nasl - Type : ACT_GATHER_INFO
2012-06-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO
2012-05-31 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-085.nasl - Type : ACT_GATHER_INFO
2012-05-10 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO
2012-05-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO
2012-04-27 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-065.nasl - Type : ACT_GATHER_INFO
2012-04-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1429-1.nasl - Type : ACT_GATHER_INFO
2012-04-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0514.nasl - Type : ACT_GATHER_INFO
2012-04-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0475.nasl - Type : ACT_GATHER_INFO
2012-04-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-120309.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0474.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0474.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0475.nasl - Type : ACT_GATHER_INFO
2012-04-05 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update7.nasl - Type : ACT_GATHER_INFO
2012-04-05 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_7_2012-001.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-0730.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-0752.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-8009.nasl - Type : ACT_GATHER_INFO
2012-03-19 Name : A web-based application running on the remote Windows host is affected by a d...
File : coldfusion_win_apsb12-06.nasl - Type : ACT_GATHER_INFO
2012-03-16 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO
2012-03-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201203-05.nasl - Type : ACT_GATHER_INFO
2012-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1373-2.nasl - Type : ACT_GATHER_INFO
2012-02-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2420.nasl - Type : ACT_GATHER_INFO
2012-02-29 Name : The remote Fedora host is missing a security update.
File : fedora_2012-2595.nasl - Type : ACT_GATHER_INFO
2012-02-29 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-024.nasl - Type : ACT_GATHER_INFO
2012-02-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-openjdk-120220.nasl - Type : ACT_GATHER_INFO
2012-02-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1377-1.nasl - Type : ACT_GATHER_INFO
2012-02-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1373-1.nasl - Type : ACT_GATHER_INFO
2012-02-22 Name : The remote Fedora host is missing a security update.
File : fedora_2012-1721.nasl - Type : ACT_GATHER_INFO
2012-02-22 Name : The remote web server is affected by a denial of service vulnerability.
File : glassfish_cve-2011-5035.nasl - Type : ACT_GATHER_INFO
2012-02-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0322.nasl - Type : ACT_GATHER_INFO
2012-02-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-1711.nasl - Type : ACT_GATHER_INFO
2012-02-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-021.nasl - Type : ACT_GATHER_INFO
2012-02-20 Name : The remote web server uses a version of PHP that is affected by a code execut...
File : php_5_3_9_ace.nasl - Type : ACT_ATTACK
2012-02-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0139.nasl - Type : ACT_GATHER_INFO
2012-02-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0135.nasl - Type : ACT_GATHER_INFO
2012-02-16 Name : The remote Fedora host is missing a security update.
File : fedora_2012-1690.nasl - Type : ACT_GATHER_INFO
2012-02-15 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-1301.nasl - Type : ACT_GATHER_INFO
2012-02-15 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_feb_2012.nasl - Type : ACT_GATHER_INFO
2012-02-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0135.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1358-2.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1359-1.nasl - Type : ACT_GATHER_INFO
2012-02-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1358-1.nasl - Type : ACT_GATHER_INFO
2012-02-09 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-1262.nasl - Type : ACT_GATHER_INFO
2012-02-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ruby-187p357-120126.nasl - Type : ACT_GATHER_INFO
2012-02-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ruby-187p357-120127.nasl - Type : ACT_GATHER_INFO
2012-02-06 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7933.nasl - Type : ACT_GATHER_INFO
2012-02-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0092.nasl - Type : ACT_GATHER_INFO
2012-02-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0093.nasl - Type : ACT_GATHER_INFO
2012-02-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2401.nasl - Type : ACT_GATHER_INFO
2012-02-03 Name : The remote web server uses a version of PHP that is affected by a code execut...
File : php_5_3_10.nasl - Type : ACT_GATHER_INFO
2012-02-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0092.nasl - Type : ACT_GATHER_INFO
2012-02-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0093.nasl - Type : ACT_GATHER_INFO
2012-02-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2399.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0069.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0070.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0069.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0070.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0071.nasl - Type : ACT_GATHER_INFO
2012-01-27 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-0420.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0033.nasl - Type : ACT_GATHER_INFO
2012-01-20 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-0504.nasl - Type : ACT_GATHER_INFO
2012-01-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0033.nasl - Type : ACT_GATHER_INFO
2012-01-17 Name : The remote Fedora host is missing a security update.
File : fedora_2012-0166.nasl - Type : ACT_GATHER_INFO
2012-01-17 Name : The remote Fedora host is missing a security update.
File : fedora_2012-0233.nasl - Type : ACT_GATHER_INFO
2012-01-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_91be81e73fea11e1afc72c4138874f7d.nasl - Type : ACT_GATHER_INFO
2012-01-13 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_9.nasl - Type : ACT_GATHER_INFO
2012-01-13 Name : The remote web server is affected by a denial of service vulnerability
File : tomcat_5_5_35.nasl - Type : ACT_GATHER_INFO
2012-01-13 Name : The remote web server is affected by a denial of service vulnerability.
File : tomcat_7_0_23.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0019.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_d39218103c8011e197e800215c6a37bb.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0019.nasl - Type : ACT_GATHER_INFO
2012-01-11 Name : The remote Fedora host is missing a security update.
File : fedora_2011-17542.nasl - Type : ACT_GATHER_INFO
2012-01-11 Name : The remote Fedora host is missing a security update.
File : fedora_2011-17551.nasl - Type : ACT_GATHER_INFO
2012-01-03 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-197.nasl - Type : ACT_GATHER_INFO
2011-12-29 Name : The version of ASP.NET Framework installed on the remote host is affected by ...
File : smb_nt_ms11-100.nasl - Type : ACT_GATHER_INFO
2011-12-12 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_6_0_35.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128640-30
File : solaris10_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128641-30
File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128640-30
File : solaris9_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128641-30
File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO
2007-10-18 Name : The remote host is missing Sun Security Patch number 124672-20
File : solaris8_124672.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote host is missing Sun Security Patch number 124672-20
File : solaris10_124672.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote host is missing Sun Security Patch number 124673-20
File : solaris10_x86_124673.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote host is missing Sun Security Patch number 124672-20
File : solaris9_124672.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote host is missing Sun Security Patch number 124673-20
File : solaris9_x86_124673.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 12:08:16
  • Multiple Updates
2012-11-28 17:20:39
  • Multiple Updates