ID

VAR-201105-0121


CVE

CVE-2011-0419


TITLE

Apache APR 'apr_fnmatch()' Denial of Service Vulnerability

Trust: 0.3

sources: BID: 47820

DESCRIPTION

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Apache APR is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Apache APR versions prior to 1.4.4 are vulnerable. The purpose of APR (Apache portable Run-time libraries, Apache portable runtime library) is the same as its name. It mainly provides an underlying support interface library for upper-level applications that can be used across multiple operating system platforms. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation. This update fixes this problem (CVE-2011-1928). For reference, the description of the original DSA, which fixed CVE-2011-0419: A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. For the oldstable distribution (lenny), this problem has been fixed in version 1.2.12-5+lenny4. For the stable distribution (squeeze), this problem has been fixed in version 1.4.2-6+squeeze2. For the testing distribution (wheezy), this problem will be fixed in version 1.4.5-1. For the unstable distribution (sid), this problem will be fixed in version 1.4.5-1. We recommend that you upgrade your apr packages and restart the apache2 server. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFN13A7bxelr8HyTqQRAvzpAJ9UKzrunYOHUwdLJTgCn8FpBVFRwwCghXmu QKovjSgHsOiO+ihaTmtsAFI= =mU7B -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02997184 Version: 4 HPSBUX02702 SSRT100606 rev.4 - HP-UX Apache Web Server, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-09-08 Last Updated: 2011-09-23 ----------------------------------------------------------------------------- Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). References: CVE-2011-3192, CVE-2011-0419 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.17 containing Apache v2.2.15.07 or earlier HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION This bulletin will be revised when additional information becomes available. HP has provided the following software updates to resolve these vulnerabilities. HP-UX Web Server Suite (WSS) v3.18 containing Apache v2.2.15.08 The WSS v3.18 update is available for download from the following location https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW318 HP-UX 11i Releases / Apache Depot name B.11.23 & B.11.31 (32-bit) / HPUXWS22ATW-B318-32.depot B.11.23 & B.11.31 (64-bit) / HPUXWS22ATW-B318-64.depot HP-UX Web Server Suite (WSS) v2.33 containing Apache v2.0.64.01 and earlier The WSS v2.33 preliminary update is available for download from the following location ftp://srt10606:P2xg=AD5@ftp.usa.hp.com or https://ftp.usa.hp.com/hprc/home with username srt10606 and password P2xg=AD5 NOTE: CVE-2011-0419 is not resolved in the WSS v2.33 depot below. HP-UX 11i Release / Apache Depot name B.11.11 / Apache-2.0-CVE-2011-3192-Fix-11.11.depot B.11.23 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18 B.11.31 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18 Alternatives to Installing the WSS v2.33 Preliminary Patch The Apache Software Foundation has documented a work around. For customers not wanting to install the WSS v2.33 preliminary patch, the following are recommended. 1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then either ignore the Range: header or reject the request. 2) Limit the size of the request field to a few hundred bytes. 3) Use mod_headers to completely disallow the use of Range headers. Please refer to the Apache advisory for details. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e MANUAL ACTIONS: Yes - Update For B.11.23 and B.11.31 install HP-UX Web Server Suite v3.18 or subsequent. For B.11.11 install HP-UX Web Server Suite v2.33 or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX Web Server Suite v3.18 HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.08 or subsequent HP-UX Web Server Suite v2.33 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.64.01 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 8 September 2011 Initial release Version:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos Version:3 (rev.3) - 22 September 2011 New source for depots Version:4 (rev.4) - 23 September 2011 Apache WSS 2.33 depot for B.11.11 available Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk6BAtkACgkQ4B86/C0qfVkSawCgo1Kh0PqJsgb9du7mlIChfMAb l84AniniivdPKtMblybUY1mLV942e+1n =v0q9 -----END PGP SIGNATURE----- . An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching (CVE-2011-0419). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: be64584ff33e8b302b98371cc2250737 2009.0/i586/libapr1-1.3.3-2.2mdv2009.0.i586.rpm f7dc54c6193e0ca7f3a24606e9d7a418 2009.0/i586/libapr-devel-1.3.3-2.2mdv2009.0.i586.rpm 1b7160e3c2178a302c07a6e23d59c82d 2009.0/SRPMS/apr-1.3.3-2.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 8d7329923bb5e81dbca4ea1d355e2846 2009.0/x86_64/lib64apr1-1.3.3-2.2mdv2009.0.x86_64.rpm 7838341b9612ac1ab78606a8c2143306 2009.0/x86_64/lib64apr-devel-1.3.3-2.2mdv2009.0.x86_64.rpm 1b7160e3c2178a302c07a6e23d59c82d 2009.0/SRPMS/apr-1.3.3-2.2mdv2009.0.src.rpm Mandriva Linux 2010.0: 50d349a278f9fb9ddae7fe78b9c7cfb5 2010.0/i586/libapr1-1.3.9-1.1mdv2010.0.i586.rpm a2ab8bacb929689515885f8f6b55e20b 2010.0/i586/libapr-devel-1.3.9-1.1mdv2010.0.i586.rpm 09656854ddec250000ae8ec2a54db5ac 2010.0/SRPMS/apr-1.3.9-1.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: d1d1660e4427134fd94eb61c6bf50573 2010.0/x86_64/lib64apr1-1.3.9-1.1mdv2010.0.x86_64.rpm 0c26aa24bf82e860353f5d279f1d7c3d 2010.0/x86_64/lib64apr-devel-1.3.9-1.1mdv2010.0.x86_64.rpm 09656854ddec250000ae8ec2a54db5ac 2010.0/SRPMS/apr-1.3.9-1.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 6bcbd128393e66f857a0237858b8296c 2010.1/i586/libapr1-1.4.2-1.1mdv2010.2.i586.rpm 711375d83f3e8ba475f5e50e9cd72c58 2010.1/i586/libapr-devel-1.4.2-1.1mdv2010.2.i586.rpm 1e79b3cbed82fe6a72a5e363ee6de1ac 2010.1/SRPMS/apr-1.4.2-1.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 10e549216a50287a8b00ceabc989f582 2010.1/x86_64/lib64apr1-1.4.2-1.1mdv2010.2.x86_64.rpm dcb20d2f8c1698ad7da97d8cfad775bc 2010.1/x86_64/lib64apr-devel-1.4.2-1.1mdv2010.2.x86_64.rpm 1e79b3cbed82fe6a72a5e363ee6de1ac 2010.1/SRPMS/apr-1.4.2-1.1mdv2010.2.src.rpm Corporate 4.0: 14e8e64d57936ac0d07614bd67446f03 corporate/4.0/i586/libapr1-1.2.7-1.2.20060mlcs4.i586.rpm ce54af727421b84a6b44e1e93c026d2e corporate/4.0/i586/libapr1-devel-1.2.7-1.2.20060mlcs4.i586.rpm b32595e78258a491a42ca109d6bceba2 corporate/4.0/SRPMS/apr-1.2.7-1.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 8d384c32df7462ea43898d5747a8896e corporate/4.0/x86_64/lib64apr1-1.2.7-1.2.20060mlcs4.x86_64.rpm ceb813bb8fbcd8047c4bb8938bdef32b corporate/4.0/x86_64/lib64apr1-devel-1.2.7-1.2.20060mlcs4.x86_64.rpm b32595e78258a491a42ca109d6bceba2 corporate/4.0/SRPMS/apr-1.2.7-1.2.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 7e3ca3eb765d21b1366f55c9b9b56027 mes5/i586/libapr1-1.3.3-2.2mdvmes5.2.i586.rpm fbf9421168cb26090b5ff021a2bb823a mes5/i586/libapr-devel-1.3.3-2.2mdvmes5.2.i586.rpm f7afcb8a3dd0ecca2998a32df747afc9 mes5/SRPMS/apr-1.3.3-2.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 418475e740da85914275f648045dbacb mes5/x86_64/lib64apr1-1.3.3-2.2mdvmes5.2.x86_64.rpm bc4a3e5372735992d633f5933b540891 mes5/x86_64/lib64apr-devel-1.3.3-2.2mdvmes5.2.x86_64.rpm f7afcb8a3dd0ecca2998a32df747afc9 mes5/SRPMS/apr-1.3.3-2.2mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. Update: Packages for Mandriva Linux 2010.0 were missing with the MDVSA-2011:095 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006 OS X Lion v10.7.2 and Security Update 2011-006 is now available and addresses the following: Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service. CVE-2011-0419 does not affect OS X Lion systems. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-0419 CVE-2011-3192 Application Firewall Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges Description: A format string vulnerability existed in Application Firewall's debug logging. CVE-ID CVE-2011-0185 : an anonymous reporter ATS Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: A signedness issue existed in ATS' handling of Type 1 fonts. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3437 ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: An out of bounds memory access issue existed in ATS' handling of Type 1 fonts. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0229 : Will Dormann of the CERT/CC ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in the ATSFontDeactivate API. CVE-ID CVE-2011-0230 : Steven Michaud of Mozilla BIND Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in BIND 9.7.3 Description: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3. CVE-ID CVE-2011-1910 CVE-2011-2464 BIND Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in BIND Description: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3. CVE-ID CVE-2009-4022 CVE-2010-0097 CVE-2010-3613 CVE-2010-3614 CVE-2011-1910 CVE-2011-2464 Certificate Trust Policy Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1. Impact: Root certificates have been updated Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application. CFNetwork Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Safari may store cookies it is not configured to accept Description: A synchronization issue existed in CFNetwork's handling of cookie policies. Safari's cookie preferences may not be honored, allowing websites to set cookies that would be blocked were the preference enforced. This update addresses the issue through improved handling of cookie storage. CVE-ID CVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. Walker, and Stephen Creswell CFNetwork Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook CoreFoundation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking. CVE-ID CVE-2011-0259 : Apple CoreMedia Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of QuickTime movie files. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-0224 : Apple CoreProcesses Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access to a system may partially bypass the screen lock Description: A system window, such as a VPN password prompt, that appeared while the screen was locked may have accepted keystrokes while the screen was locked. This issue is addressed by preventing system windows from requesting keystrokes while the screen is locked. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-0260 : Clint Tseng of the University of Washington, Michael Kobb, and Adam Kemp CoreStorage Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Converting to FileVault does not erase all existing data Description: After enabling FileVault, approximately 250MB at the start of the volume was left unencrypted on the disk in an unused area. Only data which was present on the volume before FileVault was enabled was left unencrypted. This issue is addressed by erasing this area when enabling FileVault, and on the first use of an encrypted volume affected by this issue. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3212 : Judson Powers of ATC-NY File Systems Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information Description: An issue existed in the handling of WebDAV volumes on HTTPS servers. If the server presented a certificate chain that could not be automatically verified, a warning was displayed and the connection was closed. If the user clicked the "Continue" button in the warning dialog, any certificate was accepted on the following connection to that server. An attacker in a privileged network position may have manipulated the connection to obtain sensitive information or take action on the server on the user's behalf. This update addresses the issue by validating that the certificate received on the second connection is the same certificate originally presented to the user. CVE-ID CVE-2011-3213 : Apple IOGraphics Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: A person with physical access may be able to bypass the screen lock Description: An issue existed with the screen lock when used with Apple Cinema Displays. When a password is required to wake from sleep, a person with physical access may be able to access the system without entering a password if the system is in display sleep mode. This update addresses the issue by ensuring that the lock screen is correctly activated in display sleep mode. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3214 : Apple iChat Server Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A remote attacker may cause the Jabber server to consume system resources disproportionately Description: An issue existed in the handling of XML external entities in jabberd2, a server for the Extensible Messaging and Presence Protocol (XMPP). jabberd2 expands external entities in incoming requests. This allows an attacker to consume system resources very quickly, denying service to legitimate users of the server. This update addresses the issue by disabling entity expansion in incoming requests. CVE-ID CVE-2011-1755 Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access may be able to access the user's password Description: A logic error in the kernel's DMA protection permitted firewire DMA at loginwindow, boot, and shutdown, although not at screen lock. This update addresses the issue by preventing firewire DMA at all states where the user is not logged in. CVE-ID CVE-2011-3215 : Passware, Inc. Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An unprivileged user may be able to delete another user's files in a shared directory Description: A logic error existed in the kernel's handling of file deletions in directories with the sticky bit. CVE-ID CVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer, and Allan Schmid and Oliver Jeckel of brainworks Training libsecurity Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: An error handling issue existed when parsing a nonstandard certificate revocation list extension. CVE-ID CVE-2011-3227 : Richard Godbee of Virginia Tech Mailman Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Mailman 2.1.14 Description: Multiple cross-site scripting issues existed in Mailman 2.1.14. These issues are addressed by improved encoding of characters in HTML output. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman- announce/2011-February/000158.html This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0707 MediaKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of disk images. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-3217 : Apple Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Any user may read another local user's password data Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and Patrick Dunstan at defenseindepth.net Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An authenticated user may change that account's password without providing the current password Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3436 : Patrick Dunstan at defenceindepth.net Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A user may be able to log in without a password Description: When Open Directory is bound to an LDAPv3 server using RFC2307 or custom mappings, such that there is no AuthenticationAuthority attribute for a user, an LDAP user may be allowed to log in without a password. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin, Steven Eppler of Colorado Mesa University, Hugh Cole-Baker, and Frederic Metoz of Institut de Biologie Structurale PHP Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.6. This issue does not affect systems prior to OS X Lion. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-0226 PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng 1.4.3 Description: libpng is updated to version 1.5.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in PHP 5.3.4 Description: PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. This issues do not affect OS X Lion systems. Further information is available via the PHP website at http://www.php.net/ CVE-ID CVE-2010-3436 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-1467 CVE-2011-1468 CVE-2011-1469 CVE-2011-1470 CVE-2011-1471 postfix Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate mail sessions, resulting in the disclosure of sensitive information Description: A logic issue existed in Postfix in the handling of the STARTTLS command. After receiving a STARTTLS command, Postfix may process other plain-text commands. An attacker in a privileged network position may manipulate the mail session to obtain sensitive information from the encrypted traffic. This update addresses the issue by clearing the command queue after processing a STARTTLS command. This issue does not affect OS X Lion systems. Further information is available via the Postfix site at http://www.postfix.org/announcements/postfix-2.7.3.html CVE-ID CVE-2011-0411 python Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in python Description: Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at http://www.python.org/download/releases/ CVE-ID CVE-2010-1634 CVE-2010-2089 CVE-2011-1521 QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime's handling of movie files. CVE-ID CVE-2011-3228 : Apple QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML Description: A cross-site scripting issue existed in QuickTime Player's "Save for Web" export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is resolved by removing the reference to an online script. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3218 : Aaron Sigel of vtty.com QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files. CVE-ID CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files. CVE-ID CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file. CVE-ID CVE-2011-3221 : an anonymous researcher working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FlashPix files. CVE-ID CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FLIC files. CVE-ID CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative SMB File Server Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A guest user may browse shared folders Description: An access control issue existed in the SMB File Server. Disallowing guest access to the share point record for a folder prevented the '_unknown' user from browsing the share point but not guests (user 'nobody'). This issue is addressed by applying the access control to the guest user. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3225 Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.24 Description: Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0534 User Documentation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate App Store help content, leading to arbitrary code execution Description: App Store help content was updated over HTTP. This update addresses the issue by updating App Store help content over HTTPS. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3224 : Aaron Sigel of vtty.com Web Server Available for: Mac OS X Server v10.6.8 Impact: Clients may be unable to access web services that require digest authentication Description: An issue in the handling of HTTP Digest authentication was addressed. Users may be denied access to the server's resources, when the server configuration should have allowed the access. This issue does not represent a security risk, and was addressed to facilitate the use of stronger authentication mechanisms. Systems running OS X Lion Server are not affected by this issue. X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng Description: Multiple vulnerabilities existed in libpng, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating libpng to version 1.5.4 on OS Lion systems, and to 1.2.46 on Mac OS X v10.6 systems. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 OS X Lion v10.7.2 also includes Safari 5.1.1. For information on the security content of Safari 5.1.1, please visit: http://support.apple.com/kb/HT5000 OS X Lion v10.7.2 and Security Update 2011-006 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2011-006 or OS X v10.7.2. For OS X Lion v10.7.1 The download file is named: MacOSXUpd10.7.2.dmg Its SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229 For OS X Lion v10.7 The download file is named: MacOSXUpdCombo10.7.2.dmg Its SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb For OS X Lion Server v10.7.1 The download file is named: MacOSXServerUpd10.7.2.dmg Its SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da For OS X Lion Server v10.7 The download file is named: MacOSXServerUpdCombo10.7.2.dmg Its SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a For Mac OS X v10.6.8 The download file is named: SecUpd2011-006Snow.dmg Its SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2011-006.dmg Its SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3 TFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md /BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U ZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4 sTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG 69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU= =gsvn -----END PGP SIGNATURE----- . HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris. Apache-2.2.21.tar.gz is available using ftp. Host Account Password ftp.usa.hp.com sb02704 Secure12 After downloading Apache-2.2.21.tar.gz optionally verify the SHA1 check sum: SHA1(Apache-2.2.21.tar)= 642721cac9a7c4d1e8e6033a5198071bbdd54840 SHA1(Apache-2.2.21.tar.gz)= 87d0c04be6dd06b52f1b9c7c645ce39fad117a08 The Apache-2.2.21.tar archive contains a README.txt file with installation instructions

Trust: 2.34

sources: NVD: CVE-2011-0419 // BID: 47820 // VULHUB: VHN-48364 // VULMON: CVE-2011-0419 // PACKETSTORM: 101599 // PACKETSTORM: 104936 // PACKETSTORM: 112043 // PACKETSTORM: 105356 // PACKETSTORM: 101408 // PACKETSTORM: 117251 // PACKETSTORM: 106415 // PACKETSTORM: 101611 // PACKETSTORM: 106416 // PACKETSTORM: 105738 // PACKETSTORM: 106557

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 1.3

vendor:apachemodel:portable runtimescope:ltversion:1.4.3

Trust: 1.0

vendor:freebsdmodel:freebsdscope:eqversion:*

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:openbsdmodel:openbsdscope:eqversion:4.8

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:10

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.2.18

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:5.1

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.0.65

Trust: 1.0

vendor:apachemodel:http serverscope:gteversion:2.2.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:*

Trust: 1.0

vendor:apachemodel:http serverscope:gteversion:2.0.0

Trust: 1.0

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:6.0.2

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:6.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel asscope:eqversion:41.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhelscope:eqversion:61.0

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 6.0ascope: - version: -

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.11

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0.1

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:4.1

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10scope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10ascope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:solaris expressscope:eqversion:10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.0-68

Trust: 0.3

vendor:apachemodel:software foundation aprscope:neversion:1.4.4

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l20ascope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.10

Trust: 0.3

vendor:sunmodel:solaris expressscope:eqversion:11

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.2.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.2-77

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:fujitsumodel:interstage business application server enterprisescope:eqversion:8.0.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.8

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.5

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10bscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.2.77

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10cscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.15

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2.27

Trust: 0.3

vendor:oraclemodel:http server roll upscope:eqversion:1.0.2.22

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l20ascope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.6-devscope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.96

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0.0.52

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.17

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0.1

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.15-devscope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 9.1.0ascope: - version: -

Trust: 0.3

vendor:sunmodel:secure global desktopscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:irscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l20ascope:eqversion:5.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhelscope:neversion:61.0.2

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:1.0.2.0

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c0.41scope: - version: -

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0.13

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.68

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:2.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.102

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.31

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l11scope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:sunmodel:solaris 9 x86 updatescope:eqversion:5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0-103

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:11.1.1.4

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0.95

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.8

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.5-devscope: - version: -

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.15

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0-95

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition bscope:eqversion:9.0

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.3

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l10scope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.7.2

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10ascope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.7.2

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:11.1.1.3

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.17

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l20scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition 9.1.0bscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.1-73

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel serverscope:eqversion:51.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10scope:eqversion:7.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.27

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:8.0.0.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l11scope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j editionscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for solarisscope:neversion:1.0.2

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.2

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:sunmodel:secure global desktopscope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.13

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10cscope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition bscope:eqversion:9.0

Trust: 0.3

vendor:hpmodel:system management homepage bscope:eqversion:3.0.2.77

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:4.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l11scope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.3

Trust: 0.3

vendor:avayamodel:message networking sp1scope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10scope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:8.1.7

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.64

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l10ascope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition l10ascope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.25

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l11scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:hp-ux web server suitescope:eqversion:2.33

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:10.1.3.5

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp3scope:eqversion:5.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10ascope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.14

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel esscope:neversion:41.0.2

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for windowsscope:neversion:1.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0.1

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l11scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.6

Trust: 0.3

vendor:hpmodel:hp-ux web server suitescope:eqversion:3.17

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.15

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10scope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0.1

Trust: 0.3

vendor:avayamodel:call management system rscope:eqversion:15.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0.35

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:8.0.3

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l20scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.2.8

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:9

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l10bscope:eqversion:5.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web serverscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:1.0.2.2

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.2.3

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10bscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:interactive responsescope:eqversion:4.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.3.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.1

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:sunmodel:secure global desktopscope:neversion:4.62

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:1.0.2.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l11scope:eqversion:7.0

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.7-devscope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:neversion:2.2.18

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:4.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.19

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition ascope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel asscope:neversion:41.0.2

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel serverscope:neversion:51.0.2

Trust: 0.3

vendor:apachemodel:software foundation aprscope:eqversion:1.4.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2.0-12

Trust: 0.3

vendor:redmodel:hat enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.13

Trust: 0.3

vendor:fujitsumodel:interstage job workload serverscope:eqversion:8.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for windowsscope:eqversion:1.0

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10bscope:eqversion:5.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.11

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.17

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:6.1.0.39

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.1.73

Trust: 0.3

vendor:hpmodel:hp-ux web server suitescope:eqversion:3.18

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition l10scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.7

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel esscope:eqversion:41.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:8.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:11.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:11.1.1.5

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l20scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition 6.0ascope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:avayamodel:call management system rscope:eqversion:16.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.2

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.6

Trust: 0.3

vendor:apachemodel:software foundation aprscope:eqversion:1.4.2

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.16

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.12

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition bscope:eqversion:9.0.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:avayamodel:message networkingscope: - version: -

Trust: 0.3

vendor:netbsdmodel:currentscope: - version: -

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition l10scope:eqversion:7.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.103

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:10.1.2.3

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.1

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise edition bscope:eqversion:9.1.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:5.0.1

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 9.1.0bscope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.2

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition bscope:eqversion:9.0.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for solarisscope:eqversion:1.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.2

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:7.0.0.19

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10bscope:eqversion:6.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.4

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server el4scope:eqversion:0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j edition bscope:eqversion:9.1.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

sources: BID: 47820 // NVD: CVE-2011-0419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0419
value: MEDIUM

Trust: 1.0

VULHUB: VHN-48364
value: MEDIUM

Trust: 0.1

VULMON: CVE-2011-0419
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-0419
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-48364
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-48364 // VULMON: CVE-2011-0419 // NVD: CVE-2011-0419

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.0

problemtype:CWE-399

Trust: 0.1

sources: VULHUB: VHN-48364 // NVD: CVE-2011-0419

THREAT TYPE

network

Trust: 0.3

sources: BID: 47820

TYPE

Design Error

Trust: 0.3

sources: BID: 47820

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-48364 // VULMON: CVE-2011-0419

PATCH

title:Debian CVElist Bug Report Logs: libapr1: last security update introduces a infinite loop conditionurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f4d5d44f8e80720bcf4acb93ce19fa79

Trust: 0.1

title:Debian Security Advisories: DSA-2237-1 apr -- denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=6ecdb84f8bdfa0d557f7dc7af6c4d378

Trust: 0.1

title:Ubuntu Security Notice: apache2, apr vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1134-1

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2011-0419

Trust: 0.1

title:Entity-Extraction-Using-Syntaxneturl:https://github.com/rameel12/Entity-Extraction-Using-Syntaxnet

Trust: 0.1

title:Entity-Extraction-Using-Syntaxneturl:https://github.com/rameel12/Entity-Extractor-Using-Syntaxnet

Trust: 0.1

title:Pentest-Cheetsheeturl:https://github.com/MrFrozenPepe/Pentest-Cheetsheet

Trust: 0.1

title:ReconScanurl:https://github.com/GiJ03/ReconScan

Trust: 0.1

title:ReconScanurl:https://github.com/RoliSoft/ReconScan

Trust: 0.1

title:testurl:https://github.com/issdp/test

Trust: 0.1

title:ReconScanurl:https://github.com/kira1111/ReconScan

Trust: 0.1

title: - url:https://github.com/SecureAxom/strike

Trust: 0.1

sources: VULMON: CVE-2011-0419

EXTERNAL IDS

db:NVDid:CVE-2011-0419

Trust: 2.6

db:SECUNIAid:44574

Trust: 1.2

db:SECUNIAid:44564

Trust: 1.2

db:SECUNIAid:44490

Trust: 1.2

db:SECUNIAid:48308

Trust: 1.2

db:SECTRACKid:1025527

Trust: 1.2

db:SREASONid:8246

Trust: 1.2

db:BIDid:47820

Trust: 0.5

db:JUNIPERid:JSA10642

Trust: 0.3

db:PACKETSTORMid:101408

Trust: 0.2

db:PACKETSTORMid:104936

Trust: 0.2

db:PACKETSTORMid:105356

Trust: 0.2

db:PACKETSTORMid:106557

Trust: 0.2

db:PACKETSTORMid:117251

Trust: 0.2

db:PACKETSTORMid:106416

Trust: 0.2

db:PACKETSTORMid:106415

Trust: 0.2

db:PACKETSTORMid:101611

Trust: 0.2

db:PACKETSTORMid:101599

Trust: 0.2

db:EXPLOIT-DBid:35738

Trust: 0.2

db:PACKETSTORMid:104969

Trust: 0.1

db:PACKETSTORMid:101435

Trust: 0.1

db:PACKETSTORMid:101383

Trust: 0.1

db:PACKETSTORMid:105422

Trust: 0.1

db:PACKETSTORMid:101667

Trust: 0.1

db:CNNVDid:CNNVD-201105-160

Trust: 0.1

db:VULHUBid:VHN-48364

Trust: 0.1

db:VULMONid:CVE-2011-0419

Trust: 0.1

db:PACKETSTORMid:112043

Trust: 0.1

db:PACKETSTORMid:105738

Trust: 0.1

sources: VULHUB: VHN-48364 // VULMON: CVE-2011-0419 // BID: 47820 // PACKETSTORM: 101599 // PACKETSTORM: 104936 // PACKETSTORM: 112043 // PACKETSTORM: 105356 // PACKETSTORM: 101408 // PACKETSTORM: 117251 // PACKETSTORM: 106415 // PACKETSTORM: 101611 // PACKETSTORM: 106416 // PACKETSTORM: 105738 // PACKETSTORM: 106557 // NVD: CVE-2011-0419

REFERENCES

url:http://httpd.apache.org/security/vulnerabilities_22.html

Trust: 1.5

url:http://www.apache.org/dist/apr/changes-apr-1.4

Trust: 1.5

url:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Trust: 1.5

url:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Trust: 1.5

url:http://securityreason.com/achievement_securityalert/98

Trust: 1.5

url:http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html

Trust: 1.2

url:http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22

Trust: 1.2

url:http://support.apple.com/kb/ht5002

Trust: 1.2

url:http://www.apache.org/dist/apr/announcement1.x.html

Trust: 1.2

url:http://www.apache.org/dist/httpd/announcement2.2.html

Trust: 1.2

url:http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15

Trust: 1.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=703390

Trust: 1.2

url:http://www.debian.org/security/2011/dsa-2237

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:084

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2013:150

Trust: 1.2

url:http://cxib.net/stuff/apache.fnmatch.phps

Trust: 1.2

url:http://cxib.net/stuff/apr_fnmatch.txts

Trust: 1.2

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14638

Trust: 1.2

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14804

Trust: 1.2

url:http://www.redhat.com/support/errata/rhsa-2011-0507.html

Trust: 1.2

url:http://www.redhat.com/support/errata/rhsa-2011-0896.html

Trust: 1.2

url:http://www.redhat.com/support/errata/rhsa-2011-0897.html

Trust: 1.2

url:http://securitytracker.com/id?1025527

Trust: 1.2

url:http://secunia.com/advisories/44490

Trust: 1.2

url:http://secunia.com/advisories/44564

Trust: 1.2

url:http://secunia.com/advisories/44574

Trust: 1.2

url:http://secunia.com/advisories/48308

Trust: 1.2

url:http://securityreason.com/securityalert/8246

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html

Trust: 1.2

url:http://svn.apache.org/viewvc?view=revision&revision=1098188

Trust: 1.1

url:http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902

Trust: 1.1

url:http://svn.apache.org/viewvc?view=revision&revision=1098799

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=131551295528105&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=131731002122529&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=132033751509019&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=134987041210674&w=2

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0419

Trust: 1.1

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html

Trust: 1.0

url:https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html

Trust: 1.0

url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html

Trust: 1.0

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2011-3192

Trust: 0.7

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430

Trust: 0.6

url:https://www.hp.com/go/swa

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2011-1928

Trust: 0.4

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10642&cat=sirt_1&actp=list

Trust: 0.3

url:http://apr.apache.org/

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/cve_2011_0419_denial_of

Trust: 0.3

url:http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_and_cve

Trust: 0.3

url:http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c.diff?r1=1.21&r2=1.22&f=h

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg27014506#70019

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm38826

Trust: 0.3

url:/archive/1/520376

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100141102

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100150721

Trust: 0.3

url:http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301&ac.admitted=1332965374461.876444892.492883150

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03517954&ac.admitted=1349807398574.876444892.199480143

Trust: 0.3

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201104e.html

Trust: 0.3

url:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_portable

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100165695

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas2be723d486f51dd5386257895003ca15c

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf

Trust: 0.3

url:http://secunia.com/

Trust: 0.3

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.3

url:http://www.mail-archive.com/dev@apr.apache.org/msg23961.html

Trust: 0.2

url:http://www.mail-archive.com/dev@apr.apache.org/msg23960.html

Trust: 0.2

url:http://www.mail-archive.com/dev@apr.apache.org/msg23976.html

Trust: 0.2

url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348f82@minotaur.apache.org%3e

Trust: 0.2

url:https://ftp.usa.hp.com/hprc/home

Trust: 0.2

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-4645

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-3436

Trust: 0.2

url:http://www.mandriva.com/security/

Trust: 0.2

url:http://store.mandriva.com/product_info.php?cpath=149&products_id=490

Trust: 0.2

url:http://www.mandriva.com/security/advisories

Trust: 0.2

url:https://h20392.www2.hp.com/portal/swdepot/try.do?productnumber=hpuxwsatw319

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-3348

Trust: 0.2

url:http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902

Trust: 0.1

url:http://svn.apache.org/viewvc?view=revision&revision=1098188

Trust: 0.1

url:http://svn.apache.org/viewvc?view=revision&revision=1098799

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=132033751509019&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=134987041210674&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=131551295528105&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=131731002122529&w=2

Trust: 0.1

url:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2011-0419

Trust: 0.1

url:https://github.com/rameel12/entity-extraction-using-syntaxnet

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/35738/

Trust: 0.1

url:https://usn.ubuntu.com/1134-1/

Trust: 0.1

url:https://www.securityfocus.com/bid/47820

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=23228

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4409

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1468

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1148

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1467

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1470

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2202

Trust: 0.1

url:http://h18000.www1.hp.com/products/servers/management/agents/index.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0037

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2192

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2791

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3189

Trust: 0.1

url:https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxwsatw318

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0419

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0031

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3607

Trust: 0.1

url:http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxwsatw234

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0259

Trust: 0.1

url:http://tomcat.apache.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0411

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0187

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0230

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0226

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0097

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4022

Trust: 0.1

url:http://support.apple.com/kb/ht5000

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2089

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0229

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0260

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3613

Trust: 0.1

url:http://www.freetype.org/

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://httpd.apache.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1634

Trust: 0.1

url:http://www.libpng.org/pub/png/libpng.html

Trust: 0.1

url:http://www.php.net/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4172

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0249

Trust: 0.1

url:http://mail.python.org/pipermail/mailman-

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0250

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1157

Trust: 0.1

url:http://www.postfix.org/announcements/postfix-2.7.3.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0224

Trust: 0.1

url:http://www.python.org/download/releases/

Trust: 0.1

sources: VULHUB: VHN-48364 // VULMON: CVE-2011-0419 // BID: 47820 // PACKETSTORM: 101599 // PACKETSTORM: 104936 // PACKETSTORM: 112043 // PACKETSTORM: 105356 // PACKETSTORM: 101408 // PACKETSTORM: 117251 // PACKETSTORM: 106415 // PACKETSTORM: 101611 // PACKETSTORM: 106416 // PACKETSTORM: 105738 // PACKETSTORM: 106557 // NVD: CVE-2011-0419

CREDITS

HP

Trust: 0.7

sources: PACKETSTORM: 104936 // PACKETSTORM: 112043 // PACKETSTORM: 105356 // PACKETSTORM: 117251 // PACKETSTORM: 106415 // PACKETSTORM: 106416 // PACKETSTORM: 106557

SOURCES

db:VULHUBid:VHN-48364
db:VULMONid:CVE-2011-0419
db:BIDid:47820
db:PACKETSTORMid:101599
db:PACKETSTORMid:104936
db:PACKETSTORMid:112043
db:PACKETSTORMid:105356
db:PACKETSTORMid:101408
db:PACKETSTORMid:117251
db:PACKETSTORMid:106415
db:PACKETSTORMid:101611
db:PACKETSTORMid:106416
db:PACKETSTORMid:105738
db:PACKETSTORMid:106557
db:NVDid:CVE-2011-0419

LAST UPDATE DATE

2024-12-22T19:43:59.338000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-48364date:2018-01-06T00:00:00
db:VULMONid:CVE-2011-0419date:2022-09-19T00:00:00
db:BIDid:47820date:2015-05-07T17:06:00
db:NVDid:CVE-2011-0419date:2024-11-21T01:23:55.693

SOURCES RELEASE DATE

db:VULHUBid:VHN-48364date:2011-05-16T00:00:00
db:VULMONid:CVE-2011-0419date:2011-05-16T00:00:00
db:BIDid:47820date:2011-05-12T00:00:00
db:PACKETSTORMid:101599date:2011-05-21T14:45:49
db:PACKETSTORMid:104936date:2011-09-09T05:23:01
db:PACKETSTORMid:112043date:2012-04-20T20:15:33
db:PACKETSTORMid:105356date:2011-09-28T18:18:28
db:PACKETSTORMid:101408date:2011-05-14T01:46:17
db:PACKETSTORMid:117251date:2012-10-10T02:28:54
db:PACKETSTORMid:106415date:2011-10-29T12:12:00
db:PACKETSTORMid:101611date:2011-05-23T14:26:23
db:PACKETSTORMid:106416date:2011-10-29T12:14:00
db:PACKETSTORMid:105738date:2011-10-13T02:35:35
db:PACKETSTORMid:106557date:2011-11-03T22:08:17
db:NVDid:CVE-2011-0419date:2011-05-16T17:55:02.387