Details of VAR-201102-0280

ID

VAR-201102-0280

CVE

CVE-2010-4476

TITLE

IBM WebSphere Application Server vulnerable to denial-of-service (DoS)

Trust: 0.8

sources: JVNDB: JVNDB-2011-000017

DESCRIPTION

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: " For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."A remote attacker may cause a denial-of-service (DoS). plural Oracle Product Java Runtime Environment Components include Java language and APIs There are vulnerabilities that affect availability due to flaws in the handling of.Service disruption by a third party (DoS) An attack may be carried out. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages ------------------------------------------------------------------- Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact ====== A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29" All Oracle JRE 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29" All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29" NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin. References ========== [ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0013 Synopsis: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-10-27 Updated on: 2011-10-27 (initial release of advisory) CVE numbers: --- openssl --- CVE-2008-7270 CVE-2010-4180 --- libuser --- CVE-2011-0002 --- nss, nspr --- CVE-2010-3170 CVE-2010-3173 --- Oracle (Sun) JRE 1.6.0 --- CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475 CVE-2010-4476 --- Oracle (Sun) JRE 1.5.0 --- CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468 CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476 CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867 CVE-2011-0865 --- SFCB --- CVE-2010-2054 - ------------------------------------------------------------------------ 1. Summary Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues. 2. Relevant releases vCenter Server 4.1 without Update 2 vCenter Update Manager 4.1 without Update 2 ESXi 4.1 without patch ESX410-201110201-SG. ESX 4.1 without patches ESX410-201110201-SG, ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG. 3. Problem Description a. ESX third party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========= ======== ======= ================= vCenter any Windows not affected hosted* any any not affected ESXi any any not affected ESX 4.1 ESX ESX410-201110204-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. b. ESX third party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========= ======== ======= ================= vCenter any Windows not affected hosted* any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201110206-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. c. ESX third party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========= ======== ======= ================= vCenter any Windows not affected hosted* any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201110214-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 5.0 Windows not affected vCenter 4.1 Windows Update 2 vCenter 4.0 Windows not applicable ** VirtualCenter 2.5 Windows not applicable ** Update Manager 5.0 Windows not affected Update Manager 4.1 Windows not applicable ** Update Manager 4.0 Windows not applicable ** hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201110201-SG ESX 4.0 ESX not applicable ** ESX 3.5 ESX not applicable ** ESX 3.0.3 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 5.0 Windows not applicable ** vCenter 4.1 Windows not applicable ** vCenter 4.0 Windows patch pending VirtualCenter 2.5 Windows patch pending Update Manager 5.0 Windows not applicable ** Update Manager 4.1 Windows Update 2 Update Manager 4.0 Windows patch pending hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX not applicable ** ESX 4.0 ESX patch pending ESX 3.5 ESX patch pending ESX 3.0.3 ESX affected, no patch planned * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family f. Integer overflow in VMware third party component sfcb This release resolves an integer overflow issue present in the third party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========= ======== ======= ================= vCenter any Windows not affected hosted* any any not affected ESXi 5.0 ESXi not affected ESXi 4.1 ESXi ESXi410-201110201-SG ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.1 ESX ESX410-201110201-SG ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware vCenter Server 4.1 ---------------------------------------------- vCenter Server 4.1 Update 2 The download for vCenter Server includes VMware Update Manager. Download link: http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html https://www.vmware.com/support/pubs/vum_pubs.html File: VMware-VIMSetup-all-4.1.0-493063.iso md5sum: d132326846a85bfc9ebbc53defeee6e1 sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541 File: VMware-VIMSetup-all-4.1.0-493063.zip md5sum: 7fd7b09e501bd8fde52649b395491222 sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1 File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef VMware ESXi 4.1 --------------- VMware ESXi 4.1 Update 2 Download link: http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1 Release Notes: https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso md5sum: 0aa78790a336c5fc6ba3d9807c98bfea sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip md5sum: 459d9142a885854ef0fa6edd8d6a5677 sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33 File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip md5sum: 3047fac78a4aaa05cf9528d62fad9d73 sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932 File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG. VMware ESX 4.1 -------------- VMware ESX 4.1 Update 2 Download link: http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html File: ESX-4.1.0-update02-502767.iso md5sum: 9a2b524446cbd756f0f1c7d8d88077f8 sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c File: pre-upgrade-from-esx4.0-to-4.1-502767.zip md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4 File: upgrade-from-esx4.0-to-4.1-update02-502767.zip md5sum: 4b60f36ee89db8cb7e1243aa02cdb549 sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932 File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef VMware ESX 4.1 Update 2 contains ESX410-201110204-SG, ESX410-201110206-SG, ESX410-201110201-SG and ESX410-201110214-SG. 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873 - ------------------------------------------------------------------------ 6. Change log 2011-10-27 VMSA-2011-0013 Initial security advisory in conjunction with the release of Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l lJkAmweROyq5t0iWwM0EN2iP9ly6trbc =Dm8O -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02746026 Version: 2 HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-04-12 Last Updated: 2011-05-10 Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). References: CVE-2010-4476 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Any version of Java running on HP Network Node Manager i (NNMi) v8.1x and v9.0x for HP-UX, Linux, Solaris, and Windows BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made patches available to resolve the vulnerability for NNMi 9.0x HP has made two methods available to resolve the vulnerability for 8.1x. Customers can request hotfixes or use the FPupdater tool. For NNMi 9.0x Operating System Patch HP-UX PHSS_41982 or subsequent Linux NNM900L_00004 or subsequent Solaris NNM900S_00004 or subsequent Windows NNM900W_00004 or subsequent For NNMi 8.1x Hotfixes Customers can request the following hotfixes by contacting the normal HP Services support channel. NNMi Version JDK Hotfix Number Operating System NNMi 8.1x JDK b QCCR1B87492 HP-UX, Linux, Solaris, Windows NNMi 8.1x JDK nnm (nms on Windows) QCCR1B87491 HP-UX, Linux, Solaris, Windows FPUpdater (Floating Point Updater) The FPupdater tool can be used instead of applying hotfixes. To download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool Note: NNMi has two JDKs to be updated. Before running the FPUpdater tool set the shell environment variable JRE_HOME as follows: NNMi Version JDK JRE_HOME for HP-UX, Linux, Solaris JRE_HOME for Windows NNMi 8.1x JDK b /opt/OV/nonOV/jdk/b/jre {install_dir}\nonOV\jdk\b\jre NNMi 8.1x JDK nnm (nms on Windows) /opt/OV/nonOV/jdk/nnm/jre {install_dir}\nonOV\jdk\nms\jre MANUAL ACTIONS: Yes - Update For NNMi 8.1x, install the appropriate hotfix or update using FPUpdater PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS (for HP-UX) For HP-UX NNM v9.x HP-UX B.11.31 HP-UX B.11.23 (IA) ============= HPOvNNM.HPNMSJBOSS action: install PHSS_41982 or subsequent For HP-UX NNM 8.x HP-UX B.11.31 HP-UX B.11.23 (IA) ============= HPOvNNM.HPNMSJBOSS action: install the appropriate hotfix or update using FPUpdater END AFFECTED VERSIONS (for HP-UX) HISTORY Version:1 (rev.1) - 12 April 2011 Initial release Version:2 (rev.2) - 10 May 2011 Patches available for NNMi v9.0x Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack. For the old stable distribution (lenny), this problem has been fixed in version 6b18-1.8.3-2~lenny1. Note that this update introduces an OpenJDK package based on the IcedTea release 1.8.3 into the old stable distribution. This addresses several dozen security vulnerabilities, most of which are only exploitable by malicious mobile code. A notable exception is CVE-2009-3555, the TLS renegotiation vulnerability. This update implements the protocol extension described in RFC 5746, addressing this issue. This update also includes a new version of Hotspot, the Java virtual machine, which increases the default heap size on machines with several GB of RAM. If you run several JVMs on the same machine, you might have to reduce the heap size by specifying a suitable -Xmx argument in the invocation of the "java" command. We recommend that you upgrade your openjdk-6 packages. HP OpenVMS running J2SE 1.42 on Alpha platforms: v 1.42-9 and earlier. HP OpenVMS running J2SE 1.42 on I64 platforms: v 1.42-6 and earlier. HP OpenVMS running J2SE 5.0 on Alpha platforms: v 1.50-7 and earlier. HP OpenVMS running J2SE 5.0 on I64 platforms: v 1.50-6 and earlier. HP OpenVMS running Java SE 6 on Alpha and I64 platforms: v 6.0-2 and earlier. The FPUpdater tool (Floating Point Updater) must be run to update the Java Development Kit (JDK) and/or the Java Runtime Environment (JRE) for Java v 1.4-x, v 5.0-x, and v 6.0-x. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apache Tomcat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43198 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43198 RELEASE DATE: 2011-02-07 DISCUSS ADVISORY: http://secunia.com/advisories/43198/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43198/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43198 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) An error due to the "ServletContect" attribute improperly being restricted to read-only when running under a SecurityManager can be exploited by a malicious web application to use an arbitrary working directory with read-write privileges. 2) Certain input (e.g. display names) is not properly sanitised in the HTML Manager interface before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An error within the JVM when accessing a page that calls "javax.servlet.ServletRequest.getLocale()" or "javax.servlet.ServletRequest.getLocales()" functions can be exploited to cause the process to hang via a web request containing specially crafted headers (e.g. "Accept-Language"). This vulnerability is reported in versions prior to 5.5.33. PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Konstantin Preiber ORIGINAL ADVISORY: Apache Tomcat: http://tomcat.apache.org/security-5.html http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html Konstantin Preiber: http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . The updates are available from: http://www.hp.com/go/java These issues are addressed in the following versions of the HP Java: HP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent HP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent HP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent MANUAL ACTIONS: Yes - Update For Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com

Trust: 3.06

sources: NVD: CVE-2010-4476 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-001185 // VULMON: CVE-2010-4476 // PACKETSTORM: 106640 // PACKETSTORM: 106330 // PACKETSTORM: 101334 // PACKETSTORM: 98469 // PACKETSTORM: 101245 // PACKETSTORM: 98186 // PACKETSTORM: 112826

AFFECTED PRODUCTS

vendor:	sun	model:	jre	scope:	eq	version:	1.5.0	Trust: 1.6
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_25	Trust: 1.0
vendor:	sun	model:	sdk	scope:	lte	version:	1.4.2_29	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_2	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_3	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_22	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_23	Trust: 1.0
vendor:	sun	model:	jdk	scope:	eq	version:	1.5.0	Trust: 1.0
vendor:	sun	model:	jdk	scope:	lte	version:	1.6.0	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_5	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_24	Trust: 1.0
vendor:	sun	model:	jre	scope:	lte	version:	1.5.0	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_13	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_15	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_18	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_10	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_1	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_8	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_19	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_16	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_4	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_6	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_26	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_21	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_7	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_17	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_25	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_3	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_11	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_12	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_22	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_9	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_27	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_28	Trust: 1.0
vendor:	sun	model:	jdk	scope:	lte	version:	1.5.0	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_23	Trust: 1.0
vendor:	sun	model:	jre	scope:	lte	version:	1.4.2_29	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_14	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_13	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_10	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_15	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_8	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_20	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_6	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_26	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_19	Trust: 1.0
vendor:	sun	model:	jdk	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_21	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_5	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_24	Trust: 1.0
vendor:	sun	model:	jre	scope:	lte	version:	1.6.0	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_9	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_02	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_27	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_1	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_16	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_4	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_18	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_28	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_14	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_7	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_12	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_11	Trust: 1.0
vendor:	sun	model:	sdk	scope:	eq	version:	1.4.2_20	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.4.2_17	Trust: 1.0
vendor:	hewlett packard l p	model:	hp systems insight manager	scope:	eq	version:	prior to v7.0	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	to v6.0 to v6.0.2.43	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	to v6.1 to v6.1.0.35	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	to v7.0 to v7.0.0.13	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	v6.0 to v6.0.2.43	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	v6.1 to v6.1.0.35	Trust: 0.8
vendor:	ibm	model:	websphere application server	scope:	eq	version:	v7.0 to v7.0.0.13	Trust: 0.8
vendor:	vmware	model:	esx	scope:	eq	version:	3.0.3	Trust: 0.8
vendor:	vmware	model:	esx	scope:	eq	version:	3.5	Trust: 0.8
vendor:	vmware	model:	esx	scope:	eq	version:	4.0	Trust: 0.8
vendor:	vmware	model:	esx	scope:	eq	version:	4.1	Trust: 0.8
vendor:	vmware	model:	esxi	scope:	-	version:	-	Trust: 0.8
vendor:	vmware	model:	vcenter	scope:	eq	version:	4.0 (windows)	Trust: 0.8
vendor:	vmware	model:	vcenter	scope:	eq	version:	4.1 (windows)	Trust: 0.8
vendor:	vmware	model:	vcenter	scope:	eq	version:	5.0 (windows)	Trust: 0.8
vendor:	vmware	model:	virtualcenter	scope:	eq	version:	2.5 (windows)	Trust: 0.8
vendor:	vmware	model:	vsphere update manager	scope:	eq	version:	4.0 (windows)	Trust: 0.8
vendor:	vmware	model:	vsphere update manager	scope:	eq	version:	4.1 (windows)	Trust: 0.8
vendor:	vmware	model:	vsphere update manager	scope:	eq	version:	5.0 (windows)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6.6	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6.6	Trust: 0.8
vendor:	oracle	model:	iplanet web server	scope:	eq	version:	6.1	Trust: 0.8
vendor:	oracle	model:	iplanet web server	scope:	eq	version:	7.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86-64)	Trust: 0.8
vendor:	sun microsystems	model:	jdk	scope:	lte	version:	5.0 update 27	Trust: 0.8
vendor:	sun microsystems	model:	jdk	scope:	lte	version:	6 update 23	Trust: 0.8
vendor:	sun microsystems	model:	jre	scope:	lte	version:	1.4.2_29	Trust: 0.8
vendor:	sun microsystems	model:	jre	scope:	lte	version:	5.0 update 27	Trust: 0.8
vendor:	sun microsystems	model:	jre	scope:	lte	version:	6 update 23	Trust: 0.8
vendor:	sun microsystems	model:	sdk	scope:	lte	version:	1.4.2_29	Trust: 0.8
vendor:	hewlett packard	model:	hp systems insight manager	scope:	lt	version:	7.0	Trust: 0.8
vendor:	hewlett packard	model:	hp tru64 unix	scope:	lte	version:	running j2se v 1.42-9	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.11	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23 (ia)	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23 (pa)	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.31	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux tomcat-based servlet engine	scope:	eq	version:	5.5.30.04	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	5.0 (client)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux extras	scope:	eq	version:	4 extras	Trust: 0.8
vendor:	red hat	model:	enterprise linux extras	scope:	eq	version:	4.8.z extras	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node supplementary	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux server supplementary	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation supplementary	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	rhel desktop supplementary	scope:	eq	version:	5 (client)	Trust: 0.8
vendor:	red hat	model:	rhel desktop supplementary	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	rhel desktop workstation	scope:	eq	version:	5 (client)	Trust: 0.8
vendor:	red hat	model:	rhel supplementary	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	nec	model:	systemdirector enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server	scope:	eq	version:	enterprise version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server	scope:	eq	version:	standard version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server	scope:	eq	version:	version 5	Trust: 0.8
vendor:	hitachi	model:	cosminexus client	scope:	eq	version:	version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus collaboration	scope:	eq	version:	- server	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	light version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	professional version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	standard version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	version 5	Trust: 0.8
vendor:	hitachi	model:	cosminexus server	scope:	eq	version:	- standard edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus server	scope:	eq	version:	- web edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	- standard edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	- web edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	version 5	Trust: 0.8
vendor:	hitachi	model:	groupmax collaboration	scope:	eq	version:	- server	Trust: 0.8
vendor:	hitachi	model:	hirdb realtime monitor	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	developer's kit for java	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	device manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	global link manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	it operations analyzer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	it operations director	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	provisioning manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	replication manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	tiered storage manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	tuning manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/automatic job management system 2	scope:	eq	version:	- web operation assistant( english edition )	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/automatic job management system 2	scope:	eq	version:	- web operation assistant/ex( english edition )	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/automatic job management system 3	scope:	eq	version:	- web operation assistant( english edition )	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/performance management - web console	scope:	eq	version:	( overseas edition )	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic job management system 2	scope:	eq	version:	- web operation assistant	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic job management system 3	scope:	eq	version:	- web operation assistant	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	i	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	i advanced	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	starter edition 250	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	starter edition enterprise	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/snmp system observer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand device manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand global link availability manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand provisioning manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand replication monitor	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand tiered storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/hicommand tuning manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/integrated management	scope:	eq	version:	- service support	Trust: 0.8
vendor:	hitachi	model:	jp1/it resource management	scope:	eq	version:	- manager	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- web console	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- web console( overseas edition )	Trust: 0.8
vendor:	hitachi	model:	jp1/serverconductor/control manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	processing kit for xml	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	enterprise	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	standard	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	standard-r	Trust: 0.8
vendor:	hitachi	model:	ucosminexus client	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus collaboration	scope:	eq	version:	- server	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	light	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	standard	Trust: 0.8
vendor:	hitachi	model:	ucosminexus navigation	scope:	eq	version:	developer	Trust: 0.8
vendor:	hitachi	model:	ucosminexus navigation	scope:	eq	version:	platform	Trust: 0.8
vendor:	hitachi	model:	ucosminexus navigation	scope:	eq	version:	platform - authoring license	Trust: 0.8
vendor:	hitachi	model:	ucosminexus navigation	scope:	eq	version:	platform - user license	Trust: 0.8
vendor:	hitachi	model:	ucosminexus operator	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus portal framework	scope:	eq	version:	entry set	Trust: 0.8
vendor:	hitachi	model:	ucosminexus reporting base	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service	scope:	eq	version:	architect	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service	scope:	eq	version:	platform	Trust: 0.8
vendor:	hitachi	model:	ucosminexus stream data platform	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	ucosminexus stream data platform	scope:	eq	version:	- application framework	Trust: 0.8
vendor:	hitachi	model:	electronic form workflow	scope:	eq	version:	standard set	Trust: 0.8
vendor:	hitachi	model:	electronic form workflow	scope:	eq	version:	set	Trust: 0.8
vendor:	hitachi	model:	electronic form workflow	scope:	eq	version:	developer client set	Trust: 0.8
vendor:	hitachi	model:	electronic form workflow	scope:	eq	version:	developer set	Trust: 0.8
vendor:	hitachi	model:	electronic form workflow	scope:	eq	version:	professional library set	Trust: 0.8
vendor:	fujitsu	model:	internet navigware server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage application development cycle manager	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage application framework suite	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage application server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage apworks	scope:	eq	version:	server operation package	Trust: 0.8
vendor:	fujitsu	model:	interstage business application server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage job workload server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage list works	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage service integrator	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage web server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage xml business activity recorder	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker availability view	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker centric manager	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker it change manager	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker it process master	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker resource coordinator	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker service quality coordinator	scope:	-	version:	-	Trust: 0.8

sources: CNNVD: CNNVD-201102-241 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-001185 // NVD: CVE-2010-4476

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4476
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2011-000017
value:	MEDIUM
Trust: 0.8
NVD:	CVE-2010-4476
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201102-241
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2010-4476
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-4476
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
IPA:	JVNDB-2011-000017
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: VULMON: CVE-2010-4476 // CNNVD: CNNVD-201102-241 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-001185 // NVD: CVE-2010-4476

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-189	Trust: 0.8
problemtype:	CWE-DesignError	Trust: 0.8

sources: JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-001185 // NVD: CVE-2010-4476

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 112826 // CNNVD: CNNVD-201102-241

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201102-241

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-000017

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2010-4476

PATCH

title:	HPSBMU02769 SSRT100846	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151	Trust: 1.6
title:	1462019	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21462019	Trust: 1.6
title:	NV18-002	url:	http://jpn.nec.com/security-info/secinfo/nv18-002.html	Trust: 1.6
title:	PM31983	url:	http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983	Trust: 0.8
title:	IZ94423	url:	http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423	Trust: 0.8
title:	security-5.html#Not_a_vulnerability_in_Tomcat	url:	http://tomcat.apache.org/security-5.html#Not_a_vulnerability_in_Tomcat	Trust: 0.8
title:	security-6.html#Not_a_vulnerability_in_Tomcat	url:	http://tomcat.apache.org/security-6.html#Not_a_vulnerability_in_Tomcat	Trust: 0.8
title:	security-7.html#Not_a_vulnerability_in_Tomcat	url:	http://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat	Trust: 0.8
title:	1066244	url:	http://svn.apache.org/viewvc?view=revision&revision=1066244	Trust: 0.8
title:	1066315	url:	http://svn.apache.org/viewvc?view=revision&revision=1066315	Trust: 0.8
title:	1066318	url:	http://svn.apache.org/viewvc?view=revision&revision=1066318	Trust: 0.8
title:	HT4562	url:	http://support.apple.com/kb/HT4562	Trust: 0.8
title:	HT4563	url:	http://support.apple.com/kb/HT4563	Trust: 0.8
title:	HT4562	url:	http://support.apple.com/kb/HT4562?viewlocale=ja_JP	Trust: 0.8
title:	HT4563	url:	http://support.apple.com/kb/HT4563?viewlocale=ja_JP	Trust: 0.8
title:	tomcat5-5.5.23-0jpp.17.0.1.AXS3	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1382	Trust: 0.8
title:	HPUXWSATW233	url:	https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW233	Trust: 0.8
title:	HPUXWSATW315	url:	https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW315	Trust: 0.8
title:	HS11-008	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-008/index.html	Trust: 0.8
title:	HS11-009	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-009/index.html	Trust: 0.8
title:	HS11-010	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-010/index.html	Trust: 0.8
title:	HS11-003	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html	Trust: 0.8
title:	HPSBUX02685	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02775276	Trust: 0.8
title:	HPSBUX02642	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02746026	Trust: 0.8
title:	HPSBUX02633	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02729756	Trust: 0.8
title:	HPSBUX02641	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02738573	Trust: 0.8
title:	HPSBUX02645	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02752210	Trust: 0.8
title:	HPSBTU02684	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02826781	Trust: 0.8
title:	1469482	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21469482	Trust: 0.8
title:	1468197	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21468197	Trust: 0.8
title:	javacpufeb2011-304611	url:	http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html	Trust: 0.8
title:	cpuapr2011-301950	url:	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Trust: 0.8
title:	alert-cve-2010-4476-305811	url:	http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html	Trust: 0.8
title:	RHSA-2011:0336	url:	https://rhn.redhat.com/errata/RHSA-2011-0336.html	Trust: 0.8
title:	RHSA-2011:0214	url:	https://rhn.redhat.com/errata/RHSA-2011-0214.html	Trust: 0.8
title:	RHSA-2011:0282	url:	https://rhn.redhat.com/errata/RHSA-2011-0282.html	Trust: 0.8
title:	RHSA-2011:0335	url:	https://rhn.redhat.com/errata/RHSA-2011-0335.html	Trust: 0.8
title:	security_alert_for_cve-2010-44	url:	http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html	Trust: 0.8
title:	april_2011_critical_patch_upda	url:	http://blogs.oracle.com/security/2011/04/april_2011_critical_patch_upda.html	Trust: 0.8
title:	VMSA-2011-0013	url:	http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0013.html	Trust: 0.8
title:	HS11-008	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-008/index.html	Trust: 0.8
title:	HS11-009	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-009/index.html	Trust: 0.8
title:	HS11-010	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-010/index.html	Trust: 0.8
title:	HS11-003	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-003/index.html	Trust: 0.8
title:	interstage_as_201101	url:	http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201101.html	Trust: 0.8
title:	Debian Security Advisories: DSA-2161-1 openjdk-6 -- denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=8a0fbd8ef02c50b965cd7461fe7f588d	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6b18 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1079-3	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1079-1	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6b18 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1079-2	Trust: 0.1
title:	VMware Security Advisories: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	url:	https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=31eb28d4d81f5dda33b13bdc58dfe8fb	Trust: 0.1

sources: VULMON: CVE-2010-4476 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-001185

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4476	Trust: 3.9
db:	SECUNIA	id:	43304	Trust: 1.9
db:	SECUNIA	id:	43280	Trust: 1.9
db:	SECUNIA	id:	43295	Trust: 1.9
db:	SECTRACK	id:	1025062	Trust: 1.9
db:	JVN	id:	JVN26301278	Trust: 1.6
db:	SECUNIA	id:	43400	Trust: 1.1
db:	SECUNIA	id:	45022	Trust: 1.1
db:	SECUNIA	id:	43333	Trust: 1.1
db:	SECUNIA	id:	43048	Trust: 1.1
db:	SECUNIA	id:	44954	Trust: 1.1
db:	SECUNIA	id:	45555	Trust: 1.1
db:	SECUNIA	id:	43659	Trust: 1.1
db:	SECUNIA	id:	43378	Trust: 1.1
db:	SECUNIA	id:	49198	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0605	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0422	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0434	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0365	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0377	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0379	Trust: 1.1
db:	HITACHI	id:	HS11-003	Trust: 1.1
db:	BID	id:	46091	Trust: 0.9
db:	SECUNIA	id:	43198	Trust: 0.9
db:	JVNDB	id:	JVNDB-2011-000017	Trust: 0.8
db:	JVN	id:	JVN16308183	Trust: 0.8
db:	JVN	id:	JVN97334690	Trust: 0.8
db:	SECUNIA	id:	44303	Trust: 0.8
db:	SECUNIA	id:	43262	Trust: 0.8
db:	SECUNIA	id:	43194	Trust: 0.8
db:	VUPEN	id:	ADV-2011-0405	Trust: 0.8
db:	VUPEN	id:	ADV-2011-0339	Trust: 0.8
db:	VUPEN	id:	ADV-2011-1051	Trust: 0.8
db:	VUPEN	id:	ADV-2011-0294	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-001185	Trust: 0.8
db:	CNNVD	id:	CNNVD-201102-241	Trust: 0.6
db:	EXPLOIT-DB	id:	35304	Trust: 0.1
db:	VULMON	id:	CVE-2010-4476	Trust: 0.1
db:	PACKETSTORM	id:	106640	Trust: 0.1
db:	PACKETSTORM	id:	106330	Trust: 0.1
db:	PACKETSTORM	id:	101334	Trust: 0.1
db:	PACKETSTORM	id:	98469	Trust: 0.1
db:	PACKETSTORM	id:	101245	Trust: 0.1
db:	PACKETSTORM	id:	98186	Trust: 0.1
db:	PACKETSTORM	id:	112826	Trust: 0.1

sources: VULMON: CVE-2010-4476 // PACKETSTORM: 106640 // PACKETSTORM: 106330 // PACKETSTORM: 101334 // PACKETSTORM: 98469 // PACKETSTORM: 101245 // PACKETSTORM: 98186 // PACKETSTORM: 112826 // CNNVD: CNNVD-201102-241 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-001185 // NVD: CVE-2010-4476

REFERENCES

url:	http://secunia.com/advisories/43280	Trust: 1.9
url:	http://secunia.com/advisories/43304	Trust: 1.9
url:	http://secunia.com/advisories/43295	Trust: 1.9
url:	http://www.securitytracker.com/id?1025062	Trust: 1.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4476	Trust: 1.6
url:	http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0214.html	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1pm31983	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053926.html	Trust: 1.1
url:	http://www.debian.org/security/2011/dsa-2161	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0282.html	Trust: 1.1
url:	http://secunia.com/advisories/43400	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0422	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0211.html	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1iz94423	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0434	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0213.html	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21468358	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053934.html	Trust: 1.1
url:	http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715&admit=109447627+1298159618320+28353475	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0365	Trust: 1.1
url:	http://secunia.com/advisories/43378	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0379	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0212.html	Trust: 1.1
url:	http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0377	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0210.html	Trust: 1.1
url:	http://blog.fortify.com/blog/2011/02/08/double-trouble	Trust: 1.1
url:	http://secunia.com/advisories/43048	Trust: 1.1
url:	http://secunia.com/advisories/43333	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html	Trust: 1.1
url:	http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0334.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0333.html	Trust: 1.1
url:	http://secunia.com/advisories/45555	Trust: 1.1
url:	http://www.ibm.com/support/docview.wss?uid=swg24029498	Trust: 1.1
url:	http://www.ibm.com/support/docview.wss?uid=swg24029497	Trust: 1.1
url:	http://www.redhat.com/support/errata/rhsa-2011-0880.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=130514352726432&w=2	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2011:054	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=131041767210772&w=2	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/0605	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=129960314701922&w=2	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html	Trust: 1.1
url:	http://secunia.com/advisories/43659	Trust: 1.1
url:	http://secunia.com/advisories/44954	Trust: 1.1
url:	http://secunia.com/advisories/45022	Trust: 1.1
url:	http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5098550.html	Trust: 1.1
url:	http://secunia.com/advisories/49198	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=132215163318824&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=136485229118404&w=2	Trust: 1.1
url:	http://security.gentoo.org/glsa/glsa-201406-32.xml	Trust: 1.1
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-003/index.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=134254957702612&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=130270785502599&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=130497185606818&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=133469267822771&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=130497132406206&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=129899347607632&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=133728004526190&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=130168502603566&w=2	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19493	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14589	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14328	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12745	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12662	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=134254866602253&w=2	Trust: 1.1
url:	http://www.securityfocus.com/bid/46091	Trust: 0.9
url:	http://jvn.jp/en/jp/jvn26301278/index.html	Trust: 0.8
url:	http://jvn.jp/jp/jvn97334690/index.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu584356/index.html	Trust: 0.8
url:	http://jvn.jp/jp/jvn16308183/index.html	Trust: 0.8
url:	http://jvn.jp/jp/jvn26301278/index.html	Trust: 0.8
url:	http://jvn.jp/tr/jvntr-2011-02	Trust: 0.8
url:	http://secunia.com/advisories/43198	Trust: 0.8
url:	http://secunia.com/advisories/43262	Trust: 0.8
url:	http://secunia.com/advisories/44303	Trust: 0.8
url:	http://secunia.com/advisories/43194	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2011/0294	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2011/0339	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2011/1051	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2011/0405	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4476	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3563	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3560	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3562	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3567	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3556	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3550	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3568	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3558	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3541	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3566	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3559	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3554	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3569	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3548	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3549	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3565	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3552	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3553	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3570	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3555	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3561	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3551	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3557	Trust: 0.2
url:	http://secunia.com/	Trust: 0.2
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.2
url:	http://www.itrc.hp.com/service/cki/secbullarchive.do	Trust: 0.2
url:	http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc	Trust: 0.2
url:	https://www.hp.com/go/swa	Trust: 0.2
url:	https://www.hp.com/go/java	Trust: 0.2
url:	http://h30046.www3.hp.com/subsignin.php	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://www.debian.org/security/./dsa-2161	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/35304/	Trust: 0.1
url:	https://usn.ubuntu.com/1079-3/	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=22468	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3572	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3571	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3573	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3574	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4422	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-201111-02.xml	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4473	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556	Trust: 0.1
url:	https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html	Trust: 0.1
url:	http://kb.vmware.com/kb/1055	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4472	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4474	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0862	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3170	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-1321	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3173	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4451	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553	Trust: 0.1
url:	http://www.vmware.com/support/policies/eos_vi.html	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2054	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3555	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4465	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0864	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4469	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0802	Trust: 0.1
url:	http://www.vmware.com/support/policies/eos.html	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574	Trust: 0.1
url:	http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4466	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3563	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4452	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573	Trust: 0.1
url:	http://www.vmware.com/security/advisories	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4422	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-7270	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4180	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0873	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4450	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568	Trust: 0.1
url:	http://www.vmware.com/support/policies/security_response.html	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4471	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3560	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4463	Trust: 0.1
url:	http://gpgtools.org	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0815	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4447	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566	Trust: 0.1
url:	http://enigmail.mozdev.org/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4467	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0865	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0867	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3558	Trust: 0.1
url:	http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html	Trust: 0.1
url:	http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0871	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3552	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4448	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7270	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3570	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0002	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4475	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4454	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4470	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4462	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3173	Trust: 0.1
url:	https://www.vmware.com/support/pubs/vum_pubs.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3170	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-2054	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0814	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4468	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3555	Trust: 0.1
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	http://www.debian.org/security/	Trust: 0.1
url:	http://h18012.www1.hp.com/java/alpha/fpupdater_index.html	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645	Trust: 0.1
url:	http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=43198	Trust: 0.1
url:	http://secunia.com/advisories/43198/#comments	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://tomcat.apache.org/security-5.html	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/43198/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3549	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0865	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4469	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3563	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4448	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0864	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3545	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3560	Trust: 0.1
url:	http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 0.1
url:	http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4454	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0815	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3552	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-0499	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3389	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3556	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4462	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3557	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0862	Trust: 0.1
url:	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0867	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4465	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4475	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0871	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4473	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4447	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0802	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3547	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0814	Trust: 0.1

sources: VULMON: CVE-2010-4476 // PACKETSTORM: 106640 // PACKETSTORM: 106330 // PACKETSTORM: 101334 // PACKETSTORM: 98469 // PACKETSTORM: 101245 // PACKETSTORM: 98186 // PACKETSTORM: 112826 // JVNDB: JVNDB-2011-000017 // JVNDB: JVNDB-2011-001185 // NVD: CVE-2010-4476

CREDITS

Trust: 0.3

sources: PACKETSTORM: 101334 // PACKETSTORM: 101245 // PACKETSTORM: 112826

SOURCES

db:	VULMON	id:	CVE-2010-4476
db:	PACKETSTORM	id:	106640
db:	PACKETSTORM	id:	106330
db:	PACKETSTORM	id:	101334
db:	PACKETSTORM	id:	98469
db:	PACKETSTORM	id:	101245
db:	PACKETSTORM	id:	98186
db:	PACKETSTORM	id:	112826
db:	CNNVD	id:	CNNVD-201102-241
db:	JVNDB	id:	JVNDB-2011-000017
db:	JVNDB	id:	JVNDB-2011-001185
db:	NVD	id:	CVE-2010-4476

LAST UPDATE DATE

2026-02-05T15:52:29.743000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2010-4476	date:	2018-10-30T00:00:00
db:	CNNVD	id:	CNNVD-201102-241	date:	2011-02-24T00:00:00
db:	JVNDB	id:	JVNDB-2011-000017	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2011-001185	date:	2018-02-07T00:00:00
db:	NVD	id:	CVE-2010-4476	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2010-4476	date:	2011-02-17T00:00:00
db:	PACKETSTORM	id:	106640	date:	2011-11-06T01:01:42
db:	PACKETSTORM	id:	106330	date:	2011-10-28T14:46:28
db:	PACKETSTORM	id:	101334	date:	2011-05-12T01:01:50
db:	PACKETSTORM	id:	98469	date:	2011-02-14T21:33:52
db:	PACKETSTORM	id:	101245	date:	2011-05-09T22:46:47
db:	PACKETSTORM	id:	98186	date:	2011-02-07T01:36:02
db:	PACKETSTORM	id:	112826	date:	2012-05-17T21:16:37
db:	CNNVD	id:	CNNVD-201102-241	date:	2011-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2011-000017	date:	2011-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2011-001185	date:	2011-03-08T00:00:00
db:	NVD	id:	CVE-2010-4476	date:	2011-02-17T19:00:01.900