ID

VAR-200808-0011


CVE

CVE-2008-2370


TITLE

Multiple PHP XML-RPC implementations vulnerable to code injection

Trust: 0.8

sources: CERT/CC: VU#442845

DESCRIPTION

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. The following versions are affected: Tomcat 4.1.0 through 4.1.37 Tomcat 5.5.0 through 5.5.26 Tomcat 6.0.0 through 6.0.16 Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-2370: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected Description: When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory. Mitigation: 6.0.x users should upgrade to 6.0.18 5.5.x users should obtain the latest source from svn or apply this patch which will be included from 5.5.27 http://svn.apache.org/viewvc?rev=680949&view=rev 4.1.x users should obtain the latest source from svn or apply this patch which will be included from 4.1.38 http://svn.apache.org/viewvc?rev=680950&view=rev Example: For a page that contains: <% pageContext.forward("/page2.jsp?somepar=someval&par="+request.getParameter("blah")); %> an attacker can use: http://host/page.jsp?blah=/../WEB-INF/web.xml Credit: This issue was discovered by Stefano Di Paola of Minded Security Research Labs. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01650939 Version: 1 HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2009-02-02 Last Updated: 2009-02-02 Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. References: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier BACKGROUND CVSS 2.0 Base Metrics =============================================== Reference Base Vector Base Score CVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. RESOLUTION HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL: http://software.hp.com Note: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 and HP-UX Tomcat-based Servlet Engine 5.5.27.01.01 HP-UX Release - B.11.23 and B.11.31 PA-32 Apache Depot name - HPUXWSATW-B302-32.depot HP-UX Release - B.11.23 and B.11.31 IA-64 Apache Depot name - HPUXWSATW-B302-64.depot HP-UX Release - B.11.11 PA-32 Apache Depot name - HPUXWSATW-B222-1111.depot MANUAL ACTIONS: Yes - Update Install Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT hpuxwsWEBMIN.WEBMIN action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com HP-UX B.11.23 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com HP-UX B.11.31 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 2 February 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2009-0016 Synopsis: VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components Issue date: 2009-11-20 Updated on: 2009-11-20 (initial release of advisory) CVE numbers: --- JRE --- CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 CVE-2009-2676 CVE-2009-2716 CVE-2009-2718 CVE-2009-2719 CVE-2009-2720 CVE-2009-2721 CVE-2009-2722 CVE-2009-2723 CVE-2009-2724 --- Tomcat --- CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 --- ntp --- CVE-2009-1252 CVE-2009-0159 --- kernel --- CVE-2008-3528 CVE-2008-5700 CVE-2009-0028 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0778 CVE-2008-4307 CVE-2009-0834 CVE-2009-1337 CVE-2009-0787 CVE-2009-1336 CVE-2009-1439 CVE-2009-1633 CVE-2009-1072 CVE-2009-1630 CVE-2009-1192 CVE-2007-5966 CVE-2009-1385 CVE-2009-1388 CVE-2009-1389 CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 CVE-2009-2692 CVE-2009-2698 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748 CVE-2009-2847 CVE-2009-2848 --- python --- CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 --- bind --- CVE-2009-0696 --- libxml and libxml2 --- CVE-2009-2414 CVE-2009-2416 --- curl -- CVE-2009-2417 --- gnutil --- CVE-2007-2052 - ----------------------------------------------------------------------- 1. Summary Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is also updated for ESXi userworlds. 2. Relevant releases vCenter Server 4.0 before Update 1 ESXi 4.0 without patch ESXi400-200911201-UG ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG, ESX400-200911232-SG, ESX400-200911233-SG, ESX400-200911234-SG, ESX400-200911235-SG, ESX400-200911237-SG, ESX400-200911238-SG vMA 4.0 before patch 02 3. Problem Description a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.0 Windows Update 1 VirtualCenter 2.5 Windows affected, patch pending VirtualCenter 2.0.2 Windows affected, patch pending Workstation any any not affected Player any any not affected Server 2.0 any affected, patch pending Server 1.0 any not affected ACE any any not affected Fusion any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200911223-UG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 2 * * vMA JRE is updated to version JRE 1.5.0_21 Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network. Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed version of JRE depends on your patch deployment history. b. Update Apache Tomcat version to 6.0.20 Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ======== ======== ======= ======================= vCenter 4.0 Windows Update 1 VirtualCenter 2.5 Windows affected, patch pending VirtualCenter 2.0.2 Windows affected, patch pending Workstation any any not affected Player any any not affected ACE any Windows not affected Server 2.x any affected, patch pending Server 1.x any not affected Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200911223-UG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 not affected Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network. Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed version of Tomcat depends on your patch deployment history. c. Third party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0. The following table lists what action remediates the vulnerability in this component (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 4.0 ESXi ESXi400-200911201-UG ESXi 3.5 ESXi affected, patch pending ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 not affected * hosted products are VMware Workstation, Player, ACE, Server, Fusion. d. Service Console update for ntp Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2 The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. The Service Console present in ESX is affected by the following security issues. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user. NTP authentication is not enabled by default on the Service Console. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue. The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200911238-SG ESX 3.5 ESX affected, patch pending ** ESX 3.0.3 ESX affected, patch pending ** ESX 2.5.5 ESX affected, patch pending ** vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. ** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not affected by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5. e. Updated Service Console package kernel Updated Service Console package kernel addresses the security issues below. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778 to the security issues fixed in kernel 2.6.18-128.1.6. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, CVE-2009-1336 to the security issues fixed in kernel 2.6.18-128.1.10. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, CVE-2009-1192 to the security issues fixed in kernel 2.6.18-128.1.14. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the security issues fixed in kernel 2.6.18-128.4.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2692, CVE-2009-2698 to the security issues fixed in kernel 2.6.18-128.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues fixed in kernel 2.6.18-164. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911201-UG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable ESX 2.5.5 ESX not applicable vMA 4.0 RHEL5 Patch 2 ** * hosted products are VMware Workstation, Player, ACE, Server, Fusion. ** vMA is updated to kernel version 2.6.18-164. f. Updated Service Console package python Service Console package Python update to version 2.4.3-24.el5. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service. Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service. An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. A flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911235-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. g. Updated Service Console package bind Service Console package bind updated to version 9.3.6-4.P1.el5 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the "ANY" record type. A remote attacker could use this flaw to send a specially-crafted dynamic update packet that could cause named to exit with an assertion failure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0696 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911237-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. h. Updated Service Console package libxml2 Service Console package libxml2 updated to version 2.6.26-2.1.2.8. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2414 and CVE-2009-2416 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911234-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. i. Updated Service Console package curl Service Console package curl updated to version 7.15.5-2.1.el5_3.5 A cURL is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2417 to this issue The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911232-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. j. Updated Service Console package gnutls Service Console package gnutil updated to version 1.4.1-3.el5_3.5 A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2730 to this issue The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911233-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. VMware vCenter Server 4 Update 1 -------------------------------- Version 4.0 Update 1 Build Number 208156 Release Date 2009/11/19 Type Product Binaries http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1 VMware vCenter Server 4 and modules File size: 1.8 GB File type: .iso MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5 SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1 VMware vCenter Server 4 and modules File size: 1.5 GB File type: .zip MD5SUM: f843d9c19795eb3bc5a77f5c545468a8 SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c VMware vSphere Client and Host Update Utility File size: 113.8 MB File type: .exe MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9 SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959 VMware vCenter Converter BootCD File size: 98.8 MB File type: .zip MD5SUM: 3df94eb0e93de76b0389132ada2a3799 SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c VMware vCenter Converter CLI (Linux) File size: 36.9 MB File type: .tar.gz MD5SUM: 3766097563936ba5e03e87e898f6bd48 SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4 ESXi 4.0 Update 1 ----------------- ESXi400-200911201-UG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip md5sum:c6fdd6722d9e5cacb280bdcc2cca0627 sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e http://kb.vmware.com/kb/1014886 NOTE: The three ESXi patches for Firmware, VMware Tools, and the VI Client "C" are contained in a single download file. ESX 4.0 Update 1 ---------------- https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip md5sum: 68934321105c34dcda4cbeeab36a2b8f sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b http://kb.vmware.com/kb/1014842 To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG -b ESX400-200911233-SG update 5. References CVE numbers --- JRE --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724 --- Tomcat --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002 --- ntp --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 --- kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 --- python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031 --- bind --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 --- libxml and libxml2 --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 --- curl -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 --- gnutil --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 - ------------------------------------------------------------------------ 6. Change log 2009-11-20 VMSA-2009-0016 Initial security advisory after release of vCenter 4.0 Update 1 and ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/lifecycle/ Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+ dtoAniXz+9xLskrkPr3oUzAcDeV729WG =wSRz -----END PGP SIGNATURE----- . Affected Products ================= The WiKID Strong Authentication Server - Enterprise Edition The WiKID Strong Authentication Server - Community Edition References ========== http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286 Mitigation ========== Commercial users may download the most recent RPMs from the website: http://www.wikidsystems.com/downloads/ Users of the open source community version may download packages from Sourceforge: https://sourceforge.net/project/showfiles.php?group_id=144774 - -- Nick Owen WiKID Systems, Inc. 404-962-8983 (desk) http://www.wikidsystems.com Two-factor authentication, without the hassle factor. References Tomcat release notes tomcat.apache.org/security-5.html CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 - - ------------------------------------------------------------------------ 6. A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232). A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947). A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm Mandriva Linux 2008.1: 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8 j+sCdAEJN0CXvurmFcjUvNU= =+kFf -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Nucleus XML-RPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA15895 VERIFY ADVISORY: http://secunia.com/advisories/15895/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Nucleus 3.x http://secunia.com/product/3699/ DESCRIPTION: A vulnerability has been reported in Nucleus, which can be exploited by malicious people to compromise a vulnerable system. http://sourceforge.net/project/showfiles.php?group_id=66479 OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com

Trust: 3.51

sources: NVD: CVE-2008-2370 // CERT/CC: VU#442845 // JVNDB: JVNDB-2008-001606 // BID: 30494 // VULMON: CVE-2008-2370 // PACKETSTORM: 68743 // PACKETSTORM: 74633 // PACKETSTORM: 82837 // PACKETSTORM: 70055 // PACKETSTORM: 125556 // PACKETSTORM: 75161 // PACKETSTORM: 69700 // PACKETSTORM: 38388 // PACKETSTORM: 125436

AFFECTED PRODUCTS

vendor:apachemodel:tomcatscope:eqversion:6.0.14

Trust: 1.9

vendor:apachemodel:tomcatscope:eqversion:6.0.13

Trust: 1.9

vendor:apachemodel:tomcatscope:eqversion:6.0.12

Trust: 1.9

vendor:apachemodel:tomcatscope:eqversion:6.0.11

Trust: 1.9

vendor:apachemodel:tomcatscope:eqversion:6.0.10

Trust: 1.9

vendor:apachemodel:tomcatscope:eqversion:6.0.9

Trust: 1.9

vendor:apachemodel:tomcatscope:eqversion:6.0.8

Trust: 1.9

vendor:apachemodel:tomcatscope:eqversion:6.0.7

Trust: 1.9

vendor:apachemodel:tomcatscope:eqversion:6.0.6

Trust: 1.9

vendor:apachemodel:tomcatscope:eqversion:6.0.5

Trust: 1.9

vendor:apachemodel:tomcatscope:eqversion:6.0.16

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:6.0.15

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:6.0.4

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:6.0.3

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:6.0.2

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:6.0.1

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.26

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.25

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.24

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.23

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.22

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.21

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.20

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.19

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.18

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.17

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.16

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.15

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.14

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.13

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.12

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.11

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.10

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.9

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.8

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.7

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.6

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.5

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.4

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.3

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.2

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:5.5.1

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.37

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.36

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.34

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.32

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.31

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.30

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.29

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.28

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.24

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.12

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.10

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:4.1.3

Trust: 1.3

vendor:vmwaremodel:virtualcenterscope:eqversion:2.0.2

Trust: 1.1

vendor:vmwaremodel:virtualcenterscope:eqversion:2.5

Trust: 1.1

vendor:vmwaremodel:vcenterscope:eqversion:4.0

Trust: 1.1

vendor:apachemodel:tomcatscope:eqversion:4.1.7

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.14

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.18

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.23

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.22

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.33

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.8

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.5

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.26

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.4

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.6

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.13

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.27

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.20

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.9

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.15

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:5.5.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.35

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.21

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.11

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.17

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.19

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.25

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.2

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.16

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:4.1.1

Trust: 1.0

vendor:drupalmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:pear xml rpcmodel: - scope: - version: -

Trust: 0.8

vendor:phpxmlrpcmodel: - scope: - version: -

Trust: 0.8

vendor:postnukemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:serendipitymodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wordpressmodel: - scope: - version: -

Trust: 0.8

vendor:xoopsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmyfaqmodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel:tomcatscope:eqversion:4.1.0 to 4.1.37 version

Trust: 0.8

vendor:apachemodel:tomcatscope:eqversion:5.5.0 to 5.5.26 version

Trust: 0.8

vendor:apachemodel:tomcatscope:eqversion:6.0.0 to 6.0.16 version

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:3.0.3

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.8

vendor:vmwaremodel:serverscope:eqversion:2.x

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.5

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:2.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:2.1

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:sun microsystemsmodel:opensolarisscope:eqversion:(sparc)

Trust: 0.8

vendor:sun microsystemsmodel:opensolarisscope:eqversion:(x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (x86)

Trust: 0.8

vendor:hewlett packardmodel:hp xp p9000 performance advisor softwarescope:ltversion:5.4.1

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:necmodel:webotx application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage application framework suitescope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage apworksscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage business application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage job workload serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studioscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage web serverscope: - version: -

Trust: 0.8

vendor:wikidmodel:systems wikid serverscope:eqversion:3.0.4

Trust: 0.3

vendor:vmwaremodel:virtualcenter 2.5.update buildscope:eqversion:31

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.55

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.52

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.51

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.0.25

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.0.24

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.0.23

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.0.22

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.0.21

Trust: 0.3

vendor:vmwaremodel:serverscope:eqversion:2.0.2

Trust: 0.3

vendor:vmwaremodel:serverscope:eqversion:2.0.1

Trust: 0.3

vendor:vmwaremodel:serverscope:eqversion:2.0

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.3

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.2

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.1

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.0

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.5

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:10

Trust: 0.3

vendor:sunmodel:solaris 9 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 9 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 99scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 96scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 95scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 92scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 91scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 90scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 89scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 88scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 87scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 86scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 85scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 84scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 83scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 82scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 81scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 80scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 78scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 77scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 76scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 68scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 67scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 64scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 61scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 59scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 57scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 50scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 39scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 36scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 29scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 22scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 19scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 13scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 100scope: - version: -

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:10.3

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:10.2

Trust: 0.3

vendor:redhatmodel:red hat network satellite serverscope:eqversion:5.0.1

Trust: 0.3

vendor:redhatmodel:red hat network satellite serverscope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:red hat network satellite (for rhelscope:eqversion:4)5.1

Trust: 0.3

vendor:redhatmodel:jboss enterprise application platform el5scope:eqversion:4.2

Trust: 0.3

vendor:redhatmodel:jboss enterprise application platform el4scope:eqversion:4.2

Trust: 0.3

vendor:redhatmodel:jboss enterprise application platform .cp03scope:eqversion:4.2

Trust: 0.3

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:4.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:developer suite as4scope:eqversion:3

Trust: 0.3

vendor:redhatmodel:certificate serverscope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:application server ws4scope:eqversion:2

Trust: 0.3

vendor:redhatmodel:application server es4scope:eqversion:2

Trust: 0.3

vendor:redhatmodel:application server as4scope:eqversion:2

Trust: 0.3

vendor:pardusmodel:linuxscope:eqversion:20080

Trust: 0.3

vendor:novellmodel:zenworks linux managementscope:eqversion:7.3

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.0

Trust: 0.3

vendor:hpmodel:xp p9000 performance advisorscope:eqversion:5.4.1

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage business application server enterprisescope:eqversion:8.0.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition 6.0ascope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition ascope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:meeting exchange enterprise editionscope:eqversion: -

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0.0.52

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.5

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.4

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.3

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:apachemodel:tomcatscope:eqversion:6.0

Trust: 0.3

vendor:apachemodel:tomcatscope:eqversion:5.5

Trust: 0.3

vendor:apachemodel:tomcat betascope:eqversion:4.1.9

Trust: 0.3

vendor:apachemodel:tomcat betascope:eqversion:4.1.3

Trust: 0.3

vendor:apachemodel:tomcatscope:eqversion:4.1

Trust: 0.3

vendor:apachemodel:odescope:eqversion:1.3.2

Trust: 0.3

vendor:apachemodel:odescope:eqversion:1.0

Trust: 0.3

vendor:wikidmodel:systems wikid serverscope:neversion:3.0.5

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:neversion:2.56

Trust: 0.3

vendor:vmwaremodel:vcenter updatescope:neversion:4.01

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101scope:neversion: -

Trust: 0.3

vendor:redhatmodel:jboss enterprise application platform .cp04scope:neversion:4.2

Trust: 0.3

vendor:hpmodel:xp p9000 performance advisorscope:neversion:5.5.1

Trust: 0.3

vendor:apachemodel:tomcatscope:neversion:6.0.18

Trust: 0.3

vendor:apachemodel:tomcatscope:neversion:5.5.27

Trust: 0.3

vendor:apachemodel:tomcatscope:neversion:4.1.38

Trust: 0.3

vendor:apachemodel:odescope:neversion:1.3.3

Trust: 0.3

sources: CERT/CC: VU#442845 // BID: 30494 // JVNDB: JVNDB-2008-001606 // CNNVD: CNNVD-200808-030 // NVD: CVE-2008-2370

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2370
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#442845
value: 20.75

Trust: 0.8

NVD: CVE-2008-2370
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200808-030
value: MEDIUM

Trust: 0.6

VULMON: CVE-2008-2370
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-2370
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: CERT/CC: VU#442845 // VULMON: CVE-2008-2370 // JVNDB: JVNDB-2008-001606 // CNNVD: CNNVD-200808-030 // NVD: CVE-2008-2370

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2008-001606 // NVD: CVE-2008-2370

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200808-030

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200808-030

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001606

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2008-2370

PATCH

title:Fixed in Apache Tomcat 5.5.SVNurl:http://tomcat.apache.org/security-5.html

Trust: 0.8

title:Fixed in Apache Tomcat 6.0.18url:http://tomcat.apache.org/security-6.html

Trust: 0.8

title:Fixed in Apache Tomcat 4.1.SVNurl:http://tomcat.apache.org/security-4.html

Trust: 0.8

title:APPLE-SA-2008-10-09 Security Update 2008-007url:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Trust: 0.8

title:HT3216url:http://support.apple.com/en-us/HT3216

Trust: 0.8

title:HT3216url:http://support.apple.com/ja-jp/HT3216

Trust: 0.8

title:tomcat5-5.5.23-0jpp.7.1.1AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=156

Trust: 0.8

title:ASA-2008-401url:http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

Trust: 0.8

title:HPSBUX02401 SSRT090005url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01650939

Trust: 0.8

title:HPSBST02955 SSRT101157url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04047415

Trust: 0.8

title:1381url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1381

Trust: 0.8

title:NV09-012url:http://www.nec.co.jp/security-info/secinfo/nv09-012.html

Trust: 0.8

title:RHSA-2008:0648url:https://rhn.redhat.com/errata/RHSA-2008-0648.html

Trust: 0.8

title:RHSA-2008:0862url:https://rhn.redhat.com/errata/RHSA-2008-0862.html

Trust: 0.8

title:Multiple vulnerabilities in Oracle Java Web Consoleurl:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1

Trust: 0.8

title:251986url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1

Trust: 0.8

title:VMSA-2009-0002url:http://www.vmware.com/security/advisories/VMSA-2009-0002.html

Trust: 0.8

title:VMSA-2009-0016url:http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Trust: 0.8

title:interstage_as_200902url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200902.html

Trust: 0.8

title:Red Hat: Important: jbossweb security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20080877 - Security Advisory

Trust: 0.1

title:Red Hat: Important: tomcat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20080864 - Security Advisory

Trust: 0.1

title:Red Hat: Important: tomcat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20080862 - Security Advisory

Trust: 0.1

title:Red Hat: Low: tomcat security update for Red Hat Network Satellite Serverurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20081007 - Security Advisory

Trust: 0.1

title:VMware Security Advisories: VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27url:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=73a787a1c84c97013ffa2f87f6d2e4ba

Trust: 0.1

title:VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.url:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=4675848a694e2124743f676a2c827ef7

Trust: 0.1

sources: VULMON: CVE-2008-2370 // JVNDB: JVNDB-2008-001606

EXTERNAL IDS

db:NVDid:CVE-2008-2370

Trust: 3.6

db:BIDid:30494

Trust: 2.8

db:SECUNIAid:31381

Trust: 2.5

db:SECUNIAid:31379

Trust: 2.5

db:SECTRACKid:1020623

Trust: 2.5

db:SECUNIAid:33797

Trust: 1.7

db:SECUNIAid:31639

Trust: 1.7

db:SECUNIAid:36249

Trust: 1.7

db:SECUNIAid:37460

Trust: 1.7

db:SECUNIAid:31982

Trust: 1.7

db:SECUNIAid:32120

Trust: 1.7

db:SECUNIAid:35393

Trust: 1.7

db:SECUNIAid:32266

Trust: 1.7

db:SECUNIAid:32222

Trust: 1.7

db:SECUNIAid:33999

Trust: 1.7

db:SECUNIAid:31865

Trust: 1.7

db:SECUNIAid:57126

Trust: 1.7

db:SECUNIAid:31891

Trust: 1.7

db:SECUNIAid:34013

Trust: 1.7

db:VUPENid:ADV-2009-1535

Trust: 1.7

db:VUPENid:ADV-2009-0503

Trust: 1.7

db:VUPENid:ADV-2008-2823

Trust: 1.7

db:VUPENid:ADV-2008-2780

Trust: 1.7

db:VUPENid:ADV-2009-3316

Trust: 1.7

db:VUPENid:ADV-2009-0320

Trust: 1.7

db:VUPENid:ADV-2009-2215

Trust: 1.7

db:VUPENid:ADV-2008-2305

Trust: 1.7

db:BIDid:31681

Trust: 1.7

db:SREASONid:4099

Trust: 1.7

db:SECUNIAid:15895

Trust: 0.9

db:SECUNIAid:15810

Trust: 0.8

db:SECUNIAid:15922

Trust: 0.8

db:SECUNIAid:15852

Trust: 0.8

db:SECUNIAid:15855

Trust: 0.8

db:SECUNIAid:15861

Trust: 0.8

db:SECUNIAid:15862

Trust: 0.8

db:SECUNIAid:15872

Trust: 0.8

db:SECUNIAid:15883

Trust: 0.8

db:SECUNIAid:15884

Trust: 0.8

db:BIDid:14088

Trust: 0.8

db:SECTRACKid:1014327

Trust: 0.8

db:CERT/CCid:VU#442845

Trust: 0.8

db:XFid:44156

Trust: 0.8

db:JVNDBid:JVNDB-2008-001606

Trust: 0.8

db:CNNVDid:CNNVD-200808-030

Trust: 0.6

db:EXPLOIT-DBid:32137

Trust: 0.1

db:VULMONid:CVE-2008-2370

Trust: 0.1

db:PACKETSTORMid:68743

Trust: 0.1

db:PACKETSTORMid:74633

Trust: 0.1

db:PACKETSTORMid:82837

Trust: 0.1

db:PACKETSTORMid:70055

Trust: 0.1

db:PACKETSTORMid:125556

Trust: 0.1

db:PACKETSTORMid:75161

Trust: 0.1

db:PACKETSTORMid:69700

Trust: 0.1

db:PACKETSTORMid:38388

Trust: 0.1

db:PACKETSTORMid:125436

Trust: 0.1

sources: CERT/CC: VU#442845 // VULMON: CVE-2008-2370 // BID: 30494 // JVNDB: JVNDB-2008-001606 // PACKETSTORM: 68743 // PACKETSTORM: 74633 // PACKETSTORM: 82837 // PACKETSTORM: 70055 // PACKETSTORM: 125556 // PACKETSTORM: 75161 // PACKETSTORM: 69700 // PACKETSTORM: 38388 // PACKETSTORM: 125436 // CNNVD: CNNVD-200808-030 // NVD: CVE-2008-2370

REFERENCES

url:http://www.securityfocus.com/bid/30494

Trust: 3.2

url:http://www.securitytracker.com/id?1020623

Trust: 2.5

url:http://secunia.com/advisories/31379

Trust: 2.5

url:http://secunia.com/advisories/31381

Trust: 2.5

url:http://www.vmware.com/security/advisories/vmsa-2009-0002.html

Trust: 2.4

url:http://www.securityfocus.com/bid/31681

Trust: 2.3

url:http://www.vmware.com/security/advisories/vmsa-2009-0016.html

Trust: 2.3

url:http://tomcat.apache.org/security-4.html

Trust: 2.0

url:http://tomcat.apache.org/security-5.html

Trust: 2.0

url:http://tomcat.apache.org/security-6.html

Trust: 2.0

url:http://support.avaya.com/elmodocs2/security/asa-2008-401.htm

Trust: 2.0

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html

Trust: 2.0

url:http://secunia.com/advisories/31639

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0648.html

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2008:188

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00889.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00859.html

Trust: 1.7

url:http://secunia.com/advisories/31891

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00712.html

Trust: 1.7

url:http://secunia.com/advisories/31865

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0862.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0864.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html

Trust: 1.7

url:http://support.apple.com/kb/ht3216

Trust: 1.7

url:http://secunia.com/advisories/32222

Trust: 1.7

url:http://securityreason.com/securityalert/4099

Trust: 1.7

url:http://secunia.com/advisories/31982

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=123376588623823&w=2

Trust: 1.7

url:http://secunia.com/advisories/33797

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Trust: 1.7

url:http://secunia.com/advisories/32120

Trust: 1.7

url:http://secunia.com/advisories/32266

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/0503

Trust: 1.7

url:http://secunia.com/advisories/33999

Trust: 1.7

url:http://secunia.com/advisories/34013

Trust: 1.7

url:http://secunia.com/advisories/35393

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/1535

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/2215

Trust: 1.7

url:http://secunia.com/advisories/36249

Trust: 1.7

url:http://secunia.com/advisories/37460

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3316

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/2780

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/0320

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/2823

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/2305

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=139344343412337&w=2

Trust: 1.7

url:http://secunia.com/advisories/57126

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/44156

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5876

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10577

Trust: 1.7

url:http://www.securityfocus.com/archive/1/507985/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/495022/100/0/threaded

Trust: 1.7

url:https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2370

Trust: 1.2

url:http://secunia.com/advisories/15895/

Trust: 0.9

url:http://secunia.com/advisories/15852/

Trust: 0.9

url:http://www.hardened-php.net/advisory-022005.php

Trust: 0.8

url:http://secunia.com/advisories/15861/

Trust: 0.8

url:http://secunia.com/advisories/15862/

Trust: 0.8

url:http://secunia.com/advisories/15884/

Trust: 0.8

url:http://secunia.com/advisories/15883/

Trust: 0.8

url:http://news.postnuke.com/modules.php?op=modload&name=news&file=article&sid=2699

Trust: 0.8

url:http://secunia.com/advisories/15855/

Trust: 0.8

url:http://secunia.com/advisories/15810/

Trust: 0.8

url:http://secunia.com/advisories/15872/

Trust: 0.8

url:http://secunia.com/advisories/15922/

Trust: 0.8

url:http://securitytracker.com/alerts/2005/jun/1014327.html

Trust: 0.8

url:http://www.gulftech.org/?node=research&article_id=00088-07022005

Trust: 0.8

url:http://www.gulftech.org/?node=research&article_id=00087-07012005

Trust: 0.8

url:http://www.securityfocus.com/bid/14088

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/2305

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/44156

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2370

Trust: 0.8

url:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2008-2370

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2008-1947

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2008-1232

Trust: 0.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1232

Trust: 0.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1947

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2007-5342

Trust: 0.4

url:http://lists.vmware.com/pipermail/security-announce/2009/000068.html

Trust: 0.3

url:http://tomcat.apache.org/

Trust: 0.3

url:http://www.redhat.com/docs/en-us/jboss_enterprise_application_platform/4.2.0.cp04/html-single/readme/index.html

Trust: 0.3

url:https://sourceforge.net/project/shownotes.php?release_id=626903&group_id=144774

Trust: 0.3

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1

Trust: 0.3

url:http://download.novell.com/download?buildid=n5vszfht1vs

Trust: 0.3

url:/archive/1/495022

Trust: 0.3

url:/archive/1/507985

Trust: 0.3

url:http://mail-archives.apache.org/mod_mbox/ode-user/200908.mbox/%3cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb@mail.gmail.com%3e

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0648.html

Trust: 0.3

url:http://www.novell.com/support/viewcontent.do?externalid=7006398

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2008-2938

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5342

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-6286

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-5333

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-5461

Trust: 0.3

url:http://enigmail.mozdev.org

Trust: 0.2

url:http://kb.vmware.com/kb/1055

Trust: 0.2

url:http://www.vmware.com/security

Trust: 0.2

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461

Trust: 0.2

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.2

url:http://www.vmware.com/resources/techresources/726

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6286

Trust: 0.2

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5333

Trust: 0.2

url:http://secunia.com/

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2938

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2204

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2008-0002

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-3548

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2526

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2902

Trust: 0.2

url:http://www.hp.com

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-0534

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-5035

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-3718

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-3190

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2693

Trust: 0.2

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-2227

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-5063

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1184

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-5064

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-4172

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2481

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-5062

Trust: 0.2

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.2

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-0013

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-1157

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2729

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2901

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2008:0877

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/32137/

Trust: 0.1

url:http://tomcat.apache.org/security.html

Trust: 0.1

url:http://svn.apache.org/viewvc?rev=680949&view=rev

Trust: 0.1

url:http://host/page.jsp?blah=/../web-inf/web.xml

Trust: 0.1

url:http://svn.apache.org/viewvc?rev=680950&view=rev

Trust: 0.1

url:http://software.hp.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2364

Trust: 0.1

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-6420

Trust: 0.1

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc

Trust: 0.1

url:https://www.hp.com/go/swa

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2939

Trust: 0.1

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-3658

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1630

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1102

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1099

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1098

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0745

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2671

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2671

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1096

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2052

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2315

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2416

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1093

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1095

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1101

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1094

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1099

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2724

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5031

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0159

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3143

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1439

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2716

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4864

Trust: 0.1

url:http://downloads.vmware.com/download/download.do?downloadgroup=vc40u1

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1895

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3142

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1093

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2407

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2692

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2673

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1887

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2723

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0778

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2676

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1096

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1721

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2675

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1103

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1097

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0746

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1103

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1385

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2670

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1633

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0747

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1106

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1102

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2414

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4965

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0748

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0834

Trust: 0.1

url:http://kb.vmware.com/kb/1014842

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2847

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1097

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1105

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3528

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2406

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2625

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2417

Trust: 0.1

url:http://www.vmware.com/support/policies/lifecycle/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1106

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1337

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2722

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1094

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2698

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1107

Trust: 0.1

url:https://hostupdate.vmware.com/software/vum/offline/release-155-20091116-013169/esxi-4.0.0-update01.zip

Trust: 0.1

url:https://hostupdate.vmware.com/software/vum/offline/release-158-20091118-187517/esx-4.0.0-update01.zip

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1101

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1104

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1100

Trust: 0.1

url:http://enigmail.mozdev.org/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0676

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0028

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0696

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1072

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1336

Trust: 0.1

url:http://kb.vmware.com/kb/1014886

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1104

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2721

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0269

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1098

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1107

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1192

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1100

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0002

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5700

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1389

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5966

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0322

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1095

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2719

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2625

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0787

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1105

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2848

Trust: 0.1

url:http://www.wikidsystems.com

Trust: 0.1

url:https://sourceforge.net/project/showfiles.php?group_id=144774

Trust: 0.1

url:http://www.wikidsystems.com/downloads/

Trust: 0.1

url:http://www.vmware.com/download/download.do?downloadgroup=vc250u4

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:http://www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/3699/

Trust: 0.1

url:http://sourceforge.net/project/showfiles.php?group_id=66479

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#442845 // VULMON: CVE-2008-2370 // BID: 30494 // JVNDB: JVNDB-2008-001606 // PACKETSTORM: 68743 // PACKETSTORM: 74633 // PACKETSTORM: 82837 // PACKETSTORM: 70055 // PACKETSTORM: 125556 // PACKETSTORM: 75161 // PACKETSTORM: 69700 // PACKETSTORM: 38388 // PACKETSTORM: 125436 // CNNVD: CNNVD-200808-030 // NVD: CVE-2008-2370

CREDITS

&#65279;Stefano Di Paola

Trust: 0.6

sources: CNNVD: CNNVD-200808-030

SOURCES

db:CERT/CCid:VU#442845
db:VULMONid:CVE-2008-2370
db:BIDid:30494
db:JVNDBid:JVNDB-2008-001606
db:PACKETSTORMid:68743
db:PACKETSTORMid:74633
db:PACKETSTORMid:82837
db:PACKETSTORMid:70055
db:PACKETSTORMid:125556
db:PACKETSTORMid:75161
db:PACKETSTORMid:69700
db:PACKETSTORMid:38388
db:PACKETSTORMid:125436
db:CNNVDid:CNNVD-200808-030
db:NVDid:CVE-2008-2370

LAST UPDATE DATE

2024-12-21T22:47:55.520000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#442845date:2007-03-09T00:00:00
db:VULMONid:CVE-2008-2370date:2019-03-25T00:00:00
db:BIDid:30494date:2015-05-07T17:17:00
db:JVNDBid:JVNDB-2008-001606date:2015-03-26T00:00:00
db:CNNVDid:CNNVD-200808-030date:2023-02-14T00:00:00
db:NVDid:CVE-2008-2370date:2024-11-21T00:46:43.897

SOURCES RELEASE DATE

db:CERT/CCid:VU#442845date:2005-07-06T00:00:00
db:VULMONid:CVE-2008-2370date:2008-08-04T00:00:00
db:BIDid:30494date:2008-08-01T00:00:00
db:JVNDBid:JVNDB-2008-001606date:2008-09-03T00:00:00
db:PACKETSTORMid:68743date:2008-08-01T20:26:42
db:PACKETSTORMid:74633date:2009-02-04T18:45:10
db:PACKETSTORMid:82837date:2009-11-20T22:21:26
db:PACKETSTORMid:70055date:2008-09-17T15:13:40
db:PACKETSTORMid:125556date:2014-03-06T02:39:08
db:PACKETSTORMid:75161date:2009-02-25T00:58:34
db:PACKETSTORMid:69700date:2008-09-06T00:23:13
db:PACKETSTORMid:38388date:2005-07-01T23:31:00
db:PACKETSTORMid:125436date:2014-02-26T22:39:24
db:CNNVDid:CNNVD-200808-030date:2007-05-16T00:00:00
db:NVDid:CVE-2008-2370date:2008-08-04T01:41:00