ID

VAR-201105-0121


CVE

CVE-2011-0419


TITLE

Apache Portable Runtime Used in products such as libraries apr_fnmatch.c and fnmatch.c Service disruption in (CPU And memory consumption ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-001638

DESCRIPTION

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Apache APR is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Apache APR versions prior to 1.4.4 are vulnerable. It mainly provides an underlying support interface library for upper-level applications that can be used across multiple operating system platforms. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation. The vulnerability is due to the fact that the implementation of the "fnmatch()" function does not properly limit its recursive calls, and a remote attacker can use the *? sequence in the first parameter to cause a denial of service (CPU and memory consumption). HP System Management Homepage (SMH) before v7.0 running on Linux and Windows. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Content-Type: multipart/alternative; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201405-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Apache Portable Runtime, APR Utility Library: Denial of Service Date: May 18, 2014 Bugs: #339527, #366903, #368651, #399089 ID: 201405-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. Background ========== The Apache Portable Runtime (aka APR) provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and database connections. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/apr < 1.4.8-r1 >= 1.4.8-r1 2 dev-libs/apr-util < 1.3.10 >= 1.3.10 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Apache Portable Runtime and APR Utility Library. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache Portable Runtime users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/apr-1.4.8-r1" All users of the APR Utility Library should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.10" Packages which depend on these libraries may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References ========== [ 1 ] CVE-2010-1623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1623 [ 2 ] CVE-2011-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0419 [ 3 ] CVE-2011-1928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1928 [ 4 ] CVE-2012-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0840 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-24.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . This update fixes this problem (CVE-2011-1928). For reference, the description of the original DSA, which fixed CVE-2011-0419: A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. For the oldstable distribution (lenny), this problem has been fixed in version 1.2.12-5+lenny4. For the stable distribution (squeeze), this problem has been fixed in version 1.4.2-6+squeeze2. For the testing distribution (wheezy), this problem will be fixed in version 1.4.5-1. For the unstable distribution (sid), this problem will be fixed in version 1.4.5-1. We recommend that you upgrade your apr packages and restart the apache2 server. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFN13A7bxelr8HyTqQRAvzpAJ9UKzrunYOHUwdLJTgCn8FpBVFRwwCghXmu QKovjSgHsOiO+ihaTmtsAFI= =mU7B -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02997184 Version: 4 HPSBUX02702 SSRT100606 rev.4 - HP-UX Apache Web Server, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-09-08 Last Updated: 2011-09-23 ----------------------------------------------------------------------------- Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). References: CVE-2011-3192, CVE-2011-0419 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.17 containing Apache v2.2.15.07 or earlier HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION This bulletin will be revised when additional information becomes available. HP has provided the following software updates to resolve these vulnerabilities. HP-UX Web Server Suite (WSS) v3.18 containing Apache v2.2.15.08 The WSS v3.18 update is available for download from the following location https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW318 HP-UX 11i Releases / Apache Depot name B.11.23 & B.11.31 (32-bit) / HPUXWS22ATW-B318-32.depot B.11.23 & B.11.31 (64-bit) / HPUXWS22ATW-B318-64.depot HP-UX Web Server Suite (WSS) v2.33 containing Apache v2.0.64.01 and earlier The WSS v2.33 preliminary update is available for download from the following location ftp://srt10606:P2xg=AD5@ftp.usa.hp.com or https://ftp.usa.hp.com/hprc/home with username srt10606 and password P2xg=AD5 NOTE: CVE-2011-0419 is not resolved in the WSS v2.33 depot below. HP-UX 11i Release / Apache Depot name B.11.11 / Apache-2.0-CVE-2011-3192-Fix-11.11.depot B.11.23 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18 B.11.31 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18 Alternatives to Installing the WSS v2.33 Preliminary Patch The Apache Software Foundation has documented a work around. For customers not wanting to install the WSS v2.33 preliminary patch, the following are recommended. 1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then either ignore the Range: header or reject the request. 2) Limit the size of the request field to a few hundred bytes. 3) Use mod_headers to completely disallow the use of Range headers. Please refer to the Apache advisory for details. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e MANUAL ACTIONS: Yes - Update For B.11.23 and B.11.31 install HP-UX Web Server Suite v3.18 or subsequent. For B.11.11 install HP-UX Web Server Suite v2.33 or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX Web Server Suite v3.18 HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.08 or subsequent HP-UX Web Server Suite v2.33 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.64.01 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 8 September 2011 Initial release Version:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos Version:3 (rev.3) - 22 September 2011 New source for depots Version:4 (rev.4) - 23 September 2011 Apache WSS 2.33 depot for B.11.11 available Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk6BAtkACgkQ4B86/C0qfVkSawCgo1Kh0PqJsgb9du7mlIChfMAb l84AniniivdPKtMblybUY1mLV942e+1n =v0q9 -----END PGP SIGNATURE----- . HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. Packages for 2010.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490 The updated packages have been patched to correct this issue. Update: Packages for Mandriva Linux 2010.0 were missing with the MDVSA-2011:095 advisory. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: a77fb6f726a2997fc98cd429dd287c76 2010.0/i586/libapr1-1.3.9-1.2mdv2010.0.i586.rpm 2cb83dae47a2044539133deed81a48b0 2010.0/i586/libapr-devel-1.3.9-1.2mdv2010.0.i586.rpm a5edcd45a4ad1e4ff2aff2b9b9ce709e 2010.0/SRPMS/apr-1.3.9-1.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 1bc50f60858c9773b546304bff84787a 2010.0/x86_64/lib64apr1-1.3.9-1.2mdv2010.0.x86_64.rpm 7ec09ad50ab59cbbd77f402797df67bc 2010.0/x86_64/lib64apr-devel-1.3.9-1.2mdv2010.0.x86_64.rpm a5edcd45a4ad1e4ff2aff2b9b9ce709e 2010.0/SRPMS/apr-1.3.9-1.2mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006 OS X Lion v10.7.2 and Security Update 2011-006 is now available and addresses the following: Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service. CVE-2011-0419 does not affect OS X Lion systems. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-0419 CVE-2011-3192 Application Firewall Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges Description: A format string vulnerability existed in Application Firewall's debug logging. CVE-ID CVE-2011-0185 : an anonymous reporter ATS Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: A signedness issue existed in ATS' handling of Type 1 fonts. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3437 ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: An out of bounds memory access issue existed in ATS' handling of Type 1 fonts. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0229 : Will Dormann of the CERT/CC ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in the ATSFontDeactivate API. CVE-ID CVE-2011-0230 : Steven Michaud of Mozilla BIND Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in BIND 9.7.3 Description: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3. CVE-ID CVE-2011-1910 CVE-2011-2464 BIND Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in BIND Description: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3. CVE-ID CVE-2009-4022 CVE-2010-0097 CVE-2010-3613 CVE-2010-3614 CVE-2011-1910 CVE-2011-2464 Certificate Trust Policy Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1. Impact: Root certificates have been updated Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application. CFNetwork Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Safari may store cookies it is not configured to accept Description: A synchronization issue existed in CFNetwork's handling of cookie policies. Safari's cookie preferences may not be honored, allowing websites to set cookies that would be blocked were the preference enforced. This update addresses the issue through improved handling of cookie storage. CVE-ID CVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. Walker, and Stephen Creswell CFNetwork Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook CoreFoundation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking. CVE-ID CVE-2011-0259 : Apple CoreMedia Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of QuickTime movie files. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-0224 : Apple CoreProcesses Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access to a system may partially bypass the screen lock Description: A system window, such as a VPN password prompt, that appeared while the screen was locked may have accepted keystrokes while the screen was locked. This issue is addressed by preventing system windows from requesting keystrokes while the screen is locked. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-0260 : Clint Tseng of the University of Washington, Michael Kobb, and Adam Kemp CoreStorage Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Converting to FileVault does not erase all existing data Description: After enabling FileVault, approximately 250MB at the start of the volume was left unencrypted on the disk in an unused area. Only data which was present on the volume before FileVault was enabled was left unencrypted. This issue is addressed by erasing this area when enabling FileVault, and on the first use of an encrypted volume affected by this issue. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3212 : Judson Powers of ATC-NY File Systems Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information Description: An issue existed in the handling of WebDAV volumes on HTTPS servers. If the server presented a certificate chain that could not be automatically verified, a warning was displayed and the connection was closed. If the user clicked the "Continue" button in the warning dialog, any certificate was accepted on the following connection to that server. An attacker in a privileged network position may have manipulated the connection to obtain sensitive information or take action on the server on the user's behalf. This update addresses the issue by validating that the certificate received on the second connection is the same certificate originally presented to the user. CVE-ID CVE-2011-3213 : Apple IOGraphics Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: A person with physical access may be able to bypass the screen lock Description: An issue existed with the screen lock when used with Apple Cinema Displays. When a password is required to wake from sleep, a person with physical access may be able to access the system without entering a password if the system is in display sleep mode. This update addresses the issue by ensuring that the lock screen is correctly activated in display sleep mode. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3214 : Apple iChat Server Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A remote attacker may cause the Jabber server to consume system resources disproportionately Description: An issue existed in the handling of XML external entities in jabberd2, a server for the Extensible Messaging and Presence Protocol (XMPP). jabberd2 expands external entities in incoming requests. This allows an attacker to consume system resources very quickly, denying service to legitimate users of the server. This update addresses the issue by disabling entity expansion in incoming requests. CVE-ID CVE-2011-1755 Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access may be able to access the user's password Description: A logic error in the kernel's DMA protection permitted firewire DMA at loginwindow, boot, and shutdown, although not at screen lock. This update addresses the issue by preventing firewire DMA at all states where the user is not logged in. CVE-ID CVE-2011-3215 : Passware, Inc. Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An unprivileged user may be able to delete another user's files in a shared directory Description: A logic error existed in the kernel's handling of file deletions in directories with the sticky bit. CVE-ID CVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer, and Allan Schmid and Oliver Jeckel of brainworks Training libsecurity Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: An error handling issue existed when parsing a nonstandard certificate revocation list extension. CVE-ID CVE-2011-3227 : Richard Godbee of Virginia Tech Mailman Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Mailman 2.1.14 Description: Multiple cross-site scripting issues existed in Mailman 2.1.14. These issues are addressed by improved encoding of characters in HTML output. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman- announce/2011-February/000158.html This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0707 MediaKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of disk images. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-3217 : Apple Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Any user may read another local user's password data Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and Patrick Dunstan at defenseindepth.net Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An authenticated user may change that account's password without providing the current password Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3436 : Patrick Dunstan at defenceindepth.net Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A user may be able to log in without a password Description: When Open Directory is bound to an LDAPv3 server using RFC2307 or custom mappings, such that there is no AuthenticationAuthority attribute for a user, an LDAP user may be allowed to log in without a password. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin, Steven Eppler of Colorado Mesa University, Hugh Cole-Baker, and Frederic Metoz of Institut de Biologie Structurale PHP Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.6. This issue does not affect systems prior to OS X Lion. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-0226 PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng 1.4.3 Description: libpng is updated to version 1.5.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in PHP 5.3.4 Description: PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. This issues do not affect OS X Lion systems. Further information is available via the PHP website at http://www.php.net/ CVE-ID CVE-2010-3436 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-1467 CVE-2011-1468 CVE-2011-1469 CVE-2011-1470 CVE-2011-1471 postfix Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate mail sessions, resulting in the disclosure of sensitive information Description: A logic issue existed in Postfix in the handling of the STARTTLS command. After receiving a STARTTLS command, Postfix may process other plain-text commands. An attacker in a privileged network position may manipulate the mail session to obtain sensitive information from the encrypted traffic. This update addresses the issue by clearing the command queue after processing a STARTTLS command. This issue does not affect OS X Lion systems. Further information is available via the Postfix site at http://www.postfix.org/announcements/postfix-2.7.3.html CVE-ID CVE-2011-0411 python Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in python Description: Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at http://www.python.org/download/releases/ CVE-ID CVE-2010-1634 CVE-2010-2089 CVE-2011-1521 QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime's handling of movie files. CVE-ID CVE-2011-3228 : Apple QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML Description: A cross-site scripting issue existed in QuickTime Player's "Save for Web" export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is resolved by removing the reference to an online script. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3218 : Aaron Sigel of vtty.com QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files. CVE-ID CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files. CVE-ID CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file. CVE-ID CVE-2011-3221 : an anonymous researcher working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FlashPix files. CVE-ID CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FLIC files. CVE-ID CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative SMB File Server Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A guest user may browse shared folders Description: An access control issue existed in the SMB File Server. Disallowing guest access to the share point record for a folder prevented the '_unknown' user from browsing the share point but not guests (user 'nobody'). This issue is addressed by applying the access control to the guest user. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3225 Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.24 Description: Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0534 User Documentation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate App Store help content, leading to arbitrary code execution Description: App Store help content was updated over HTTP. This update addresses the issue by updating App Store help content over HTTPS. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3224 : Aaron Sigel of vtty.com Web Server Available for: Mac OS X Server v10.6.8 Impact: Clients may be unable to access web services that require digest authentication Description: An issue in the handling of HTTP Digest authentication was addressed. Users may be denied access to the server's resources, when the server configuration should have allowed the access. This issue does not represent a security risk, and was addressed to facilitate the use of stronger authentication mechanisms. Systems running OS X Lion Server are not affected by this issue. X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng Description: Multiple vulnerabilities existed in libpng, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating libpng to version 1.5.4 on OS Lion systems, and to 1.2.46 on Mac OS X v10.6 systems. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 OS X Lion v10.7.2 also includes Safari 5.1.1. For information on the security content of Safari 5.1.1, please visit: http://support.apple.com/kb/HT5000 OS X Lion v10.7.2 and Security Update 2011-006 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2011-006 or OS X v10.7.2. For OS X Lion v10.7.1 The download file is named: MacOSXUpd10.7.2.dmg Its SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229 For OS X Lion v10.7 The download file is named: MacOSXUpdCombo10.7.2.dmg Its SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb For OS X Lion Server v10.7.1 The download file is named: MacOSXServerUpd10.7.2.dmg Its SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da For OS X Lion Server v10.7 The download file is named: MacOSXServerUpdCombo10.7.2.dmg Its SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a For Mac OS X v10.6.8 The download file is named: SecUpd2011-006Snow.dmg Its SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2011-006.dmg Its SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3 TFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md /BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U ZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4 sTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG 69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU= =gsvn -----END PGP SIGNATURE-----

Trust: 2.79

sources: NVD: CVE-2011-0419 // JVNDB: JVNDB-2011-001638 // BID: 47820 // VULHUB: VHN-48364 // PACKETSTORM: 111915 // PACKETSTORM: 126689 // PACKETSTORM: 101599 // PACKETSTORM: 105356 // PACKETSTORM: 117251 // PACKETSTORM: 101435 // PACKETSTORM: 101611 // PACKETSTORM: 106416 // PACKETSTORM: 105738

AFFECTED PRODUCTS

vendor:netbsdmodel:netbsdscope:eqversion:5.1

Trust: 1.8

vendor:openbsdmodel:openbsdscope:eqversion:4.8

Trust: 1.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 1.8

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 1.3

vendor:apachemodel:http serverscope:lteversion:2.0.65

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:10

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:apachemodel:http serverscope:gteversion:2.2.0

Trust: 1.0

vendor:apachemodel:http serverscope:gteversion:2.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:apachemodel:portable runtimescope:ltversion:1.4.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:*

Trust: 1.0

vendor:freebsdmodel:freebsdscope:eqversion:*

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.2.18

Trust: 1.0

vendor:apachemodel:http serverscope:ltversion:2.2.18

Trust: 0.8

vendor:apachemodel:portable runtimescope:ltversion:1.4.4

Trust: 0.8

vendor:freebsdmodel:freebsdscope: - version: -

Trust: 0.8

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

vendor:ibmmodel:http serverscope:ltversion:6.1.0.39

Trust: 0.8

vendor:ibmmodel:http serverscope:ltversion:7.0.0.19

Trust: 0.8

vendor:ibmmodel:http serverscope:ltversion:8.0.0.1

Trust: 0.8

vendor:applemodel:mac os xscope: - version: -

Trust: 0.8

vendor:oraclemodel:http serverscope: - version: -

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:9

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:2.0 ( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0 (x64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux clientscope:eqversion:2008

Trust: 0.8

vendor:turbo linuxmodel:turbolinux fujiscope:eqversion:( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10 ( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10 (x64) ( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11 (x64)

Trust: 0.8

vendor:hewlett packardmodel:hp secure web server for openvmsscope:lteversion:v2.2

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.31

Trust: 0.8

vendor:hewlett packardmodel:hp-ux web server suitescope:eqversion:v3.18

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux eusscope:eqversion:5.6.z (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux long lifescope:eqversion:(v. 5.6 server)

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux server eusscope:eqversion:6.0.z

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:hitachimodel:cosminexus http serverscope: - version: -

Trust: 0.8

vendor:hitachimodel:web serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studioscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage web serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:6.0.2

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:6.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel asscope:eqversion:41.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhelscope:eqversion:61.0

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 6.0ascope: - version: -

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.11

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0.1

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:4.1

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10scope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10ascope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:solaris expressscope:eqversion:10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.0-68

Trust: 0.3

vendor:apachemodel:software foundation aprscope:neversion:1.4.4

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l20ascope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.10

Trust: 0.3

vendor:sunmodel:solaris expressscope:eqversion:11

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.2.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.2-77

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:fujitsumodel:interstage business application server enterprisescope:eqversion:8.0.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.8

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.5

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10bscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.2.77

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10cscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.15

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2.27

Trust: 0.3

vendor:oraclemodel:http server roll upscope:eqversion:1.0.2.22

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l20ascope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.6-devscope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.96

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0.0.52

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.17

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0.1

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.15-devscope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 9.1.0ascope: - version: -

Trust: 0.3

vendor:sunmodel:secure global desktopscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:irscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l20ascope:eqversion:5.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhelscope:neversion:61.0.2

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:1.0.2.0

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c0.41scope: - version: -

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0.13

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.68

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:2.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.102

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.31

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l11scope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:sunmodel:solaris 9 x86 updatescope:eqversion:5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0-103

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:11.1.1.4

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0.95

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.8

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.5-devscope: - version: -

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.15

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0-95

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition bscope:eqversion:9.0

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.3

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l10scope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.7.2

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10ascope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.7.2

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:11.1.1.3

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.17

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l20scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition 9.1.0bscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.1-73

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel serverscope:eqversion:51.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10scope:eqversion:7.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.27

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:8.0.0.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l11scope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j editionscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for solarisscope:neversion:1.0.2

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.2

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:sunmodel:secure global desktopscope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.13

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10cscope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition bscope:eqversion:9.0

Trust: 0.3

vendor:hpmodel:system management homepage bscope:eqversion:3.0.2.77

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:4.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l11scope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.3

Trust: 0.3

vendor:avayamodel:message networking sp1scope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10scope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:8.1.7

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.64

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l10ascope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition l10ascope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.25

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l11scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:hp-ux web server suitescope:eqversion:2.33

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:10.1.3.5

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp3scope:eqversion:5.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10ascope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.14

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel esscope:neversion:41.0.2

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for windowsscope:neversion:1.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0.1

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l11scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.6

Trust: 0.3

vendor:hpmodel:hp-ux web server suitescope:eqversion:3.17

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.15

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10scope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0.1

Trust: 0.3

vendor:avayamodel:call management system rscope:eqversion:15.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0.35

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:8.0.3

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l20scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.2.8

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:9

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l10bscope:eqversion:5.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web serverscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:1.0.2.2

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.2.3

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10bscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:interactive responsescope:eqversion:4.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.3.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.1

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:sunmodel:secure global desktopscope:neversion:4.62

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:1.0.2.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l11scope:eqversion:7.0

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.7-devscope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:neversion:2.2.18

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:4.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.19

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition ascope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel asscope:neversion:41.0.2

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel serverscope:neversion:51.0.2

Trust: 0.3

vendor:apachemodel:software foundation aprscope:eqversion:1.4.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2.0-12

Trust: 0.3

vendor:redmodel:hat enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.13

Trust: 0.3

vendor:fujitsumodel:interstage job workload serverscope:eqversion:8.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for windowsscope:eqversion:1.0

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10bscope:eqversion:5.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.11

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.17

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:6.1.0.39

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.1.73

Trust: 0.3

vendor:hpmodel:hp-ux web server suitescope:eqversion:3.18

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition l10scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.7

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel esscope:eqversion:41.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:8.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:11.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:11.1.1.5

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l20scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition 6.0ascope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:avayamodel:call management system rscope:eqversion:16.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.2

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.6

Trust: 0.3

vendor:apachemodel:software foundation aprscope:eqversion:1.4.2

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.16

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.12

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition bscope:eqversion:9.0.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:avayamodel:message networkingscope: - version: -

Trust: 0.3

vendor:netbsdmodel:currentscope: - version: -

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition l10scope:eqversion:7.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.103

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:10.1.2.3

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.1

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise edition bscope:eqversion:9.1.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:5.0.1

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 9.1.0bscope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.2

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition bscope:eqversion:9.0.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for solarisscope:eqversion:1.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.2

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:7.0.0.19

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10bscope:eqversion:6.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.4

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server el4scope:eqversion:0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j edition bscope:eqversion:9.1.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

sources: BID: 47820 // JVNDB: JVNDB-2011-001638 // NVD: CVE-2011-0419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0419
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-0419
value: MEDIUM

Trust: 0.8

VULHUB: VHN-48364
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-0419
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-48364
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-48364 // JVNDB: JVNDB-2011-001638 // NVD: CVE-2011-0419

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-48364 // JVNDB: JVNDB-2011-001638 // NVD: CVE-2011-0419

THREAT TYPE

network

Trust: 0.3

sources: BID: 47820

TYPE

Design Error

Trust: 0.3

sources: BID: 47820

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001638

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-48364

PATCH

title:Top Pageurl:http://www.android.com/

Trust: 0.8

title:Fixed in Apache httpd 2.2.18url:http://httpd.apache.org/security/vulnerabilities_22.html#2.2.18-dev

Trust: 0.8

title:Apache Portable Runtime 1.4.4 and Apache Portable Runtime Utility 1.3.11 Releasedurl:http://www.apache.org/dist/apr/Announcement1.x.html

Trust: 0.8

title:Apache HTTP Server 2.2.18 Releasedurl:http://www.apache.org/dist/httpd/Announcement2.2.html

Trust: 0.8

title:CHANGES-APR-1.4url:http://www.apache.org/dist/apr/CHANGES-APR-1.4

Trust: 0.8

title:1098188url:http://svn.apache.org/viewvc?view=revision&revision=1098188

Trust: 0.8

title:apr-1.2.7-11.AXS3.4url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1431

Trust: 0.8

title:Top Pageurl:http://security.freebsd.org

Trust: 0.8

title:HS11-011url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-011/index.html

Trust: 0.8

title:HPSBUX02702url:http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02997184

Trust: 0.8

title:HPSBOV02822 SSRT100966url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954

Trust: 0.8

title:7008517url:http://www-01.ibm.com/support/docview.wss?uid=swg27008517#61039

Trust: 0.8

title:7021867url:http://www-01.ibm.com/support/docview.wss?uid=swg27021867#8001

Trust: 0.8

title:PM38826url:http://www-01.ibm.com/support/docview.wss?uid=swg1PM38826

Trust: 0.8

title:7022958url:http://www-01.ibm.com/support/docview.wss?uid=swg27022958#8001

Trust: 0.8

title:2216url:https://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2216

Trust: 0.8

title:2218url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2218

Trust: 0.8

title:Announcing NetBSD 5.1url:http://www.netbsd.org/releases/formal-5/NetBSD-5.1.html

Trust: 0.8

title:The OpenBSD/4.8 Releaseurl:http://openbsd.org/48.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2013 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2012url:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2012 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2013url:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Trust: 0.8

title:Top Pageurl:http://www.oracle.com/jp/index.html

Trust: 0.8

title:RHSA-2011:0507url:https://rhn.redhat.com/errata/RHSA-2011-0507.html

Trust: 0.8

title:July 2013 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/july_2013_critical_patch_update

Trust: 0.8

title:CVE-2011-0419 Denial of Service (DoS) vulnerability in Solaris C Libraryurl:https://blogs.oracle.com/sunsecurity/entry/cve_2011_0419_denial_of

Trust: 0.8

title:Multiple vulnerabilities in Apache HTTP Serverurl:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http

Trust: 0.8

title:July 2012 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/july_2012_critical_patch_update

Trust: 0.8

title:TLSA-2011-21url:http://www.turbolinux.co.jp/security/2011/TLSA-2011-21j.txt

Trust: 0.8

title:Mac OS サービスおよびサポートurl:http://www.apple.com/jp/support/osfamily

Trust: 0.8

title:HS11-011url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-011/index.html

Trust: 0.8

title:Interstage HTTP Server: 2件のセキュリティ脆弱性url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201104.html

Trust: 0.8

sources: JVNDB: JVNDB-2011-001638

EXTERNAL IDS

db:NVDid:CVE-2011-0419

Trust: 3.1

db:SECUNIAid:44564

Trust: 1.9

db:SECUNIAid:44490

Trust: 1.9

db:SECTRACKid:1025527

Trust: 1.9

db:BIDid:47820

Trust: 1.2

db:SECUNIAid:44574

Trust: 1.1

db:SECUNIAid:48308

Trust: 1.1

db:SREASONid:8246

Trust: 1.1

db:JVNDBid:JVNDB-2011-001638

Trust: 0.8

db:JUNIPERid:JSA10642

Trust: 0.3

db:PACKETSTORMid:105356

Trust: 0.2

db:PACKETSTORMid:117251

Trust: 0.2

db:PACKETSTORMid:106416

Trust: 0.2

db:PACKETSTORMid:101435

Trust: 0.2

db:PACKETSTORMid:101611

Trust: 0.2

db:PACKETSTORMid:101599

Trust: 0.2

db:PACKETSTORMid:101408

Trust: 0.1

db:PACKETSTORMid:104936

Trust: 0.1

db:PACKETSTORMid:106557

Trust: 0.1

db:PACKETSTORMid:104969

Trust: 0.1

db:PACKETSTORMid:106415

Trust: 0.1

db:PACKETSTORMid:101383

Trust: 0.1

db:PACKETSTORMid:105422

Trust: 0.1

db:PACKETSTORMid:101667

Trust: 0.1

db:CNNVDid:CNNVD-201105-160

Trust: 0.1

db:EXPLOIT-DBid:35738

Trust: 0.1

db:VULHUBid:VHN-48364

Trust: 0.1

db:PACKETSTORMid:111915

Trust: 0.1

db:PACKETSTORMid:126689

Trust: 0.1

db:PACKETSTORMid:105738

Trust: 0.1

sources: VULHUB: VHN-48364 // BID: 47820 // JVNDB: JVNDB-2011-001638 // PACKETSTORM: 111915 // PACKETSTORM: 126689 // PACKETSTORM: 101599 // PACKETSTORM: 105356 // PACKETSTORM: 117251 // PACKETSTORM: 101435 // PACKETSTORM: 101611 // PACKETSTORM: 106416 // PACKETSTORM: 105738 // NVD: CVE-2011-0419

REFERENCES

url:http://secunia.com/advisories/44490

Trust: 1.9

url:http://secunia.com/advisories/44564

Trust: 1.9

url:http://httpd.apache.org/security/vulnerabilities_22.html

Trust: 1.4

url:http://www.apache.org/dist/apr/changes-apr-1.4

Trust: 1.4

url:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Trust: 1.4

url:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Trust: 1.4

url:http://securityreason.com/achievement_securityalert/98

Trust: 1.4

url:http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html

Trust: 1.1

url:http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22

Trust: 1.1

url:http://support.apple.com/kb/ht5002

Trust: 1.1

url:http://www.apache.org/dist/apr/announcement1.x.html

Trust: 1.1

url:http://www.apache.org/dist/httpd/announcement2.2.html

Trust: 1.1

url:http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15

Trust: 1.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=703390

Trust: 1.1

url:http://www.debian.org/security/2011/dsa-2237

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:084

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2013:150

Trust: 1.1

url:http://cxib.net/stuff/apache.fnmatch.phps

Trust: 1.1

url:http://cxib.net/stuff/apr_fnmatch.txts

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14638

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14804

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2011-0507.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2011-0896.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2011-0897.html

Trust: 1.1

url:http://securitytracker.com/id?1025527

Trust: 1.1

url:http://secunia.com/advisories/44574

Trust: 1.1

url:http://secunia.com/advisories/48308

Trust: 1.1

url:http://securityreason.com/securityalert/8246

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=131551295528105&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=131731002122529&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=132033751509019&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=134987041210674&w=2

Trust: 1.0

url:http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902

Trust: 1.0

url:http://svn.apache.org/viewvc?view=revision&revision=1098188

Trust: 1.0

url:http://svn.apache.org/viewvc?view=revision&revision=1098799

Trust: 1.0

url:http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html

Trust: 1.0

url:http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html

Trust: 1.0

url:http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html

Trust: 1.0

url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2011-0419

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0419

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0419

Trust: 0.8

url:http://www.securityfocus.com/bid/47820

Trust: 0.8

url:http://www.securitytracker.com/id?1025527

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-1928

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2011-3192

Trust: 0.4

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.4

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10642&cat=sirt_1&actp=list

Trust: 0.3

url:http://apr.apache.org/

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/cve_2011_0419_denial_of

Trust: 0.3

url:http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_and_cve

Trust: 0.3

url:http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c.diff?r1=1.21&r2=1.22&f=h

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg27014506#70019

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm38826

Trust: 0.3

url:/archive/1/520376

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100141102

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100150721

Trust: 0.3

url:http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301&ac.admitted=1332965374461.876444892.492883150

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03517954&ac.admitted=1349807398574.876444892.199480143

Trust: 0.3

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201104e.html

Trust: 0.3

url:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_portable

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100165695

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas2be723d486f51dd5386257895003ca15c

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430

Trust: 0.3

url:http://secunia.com/

Trust: 0.3

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-1623

Trust: 0.2

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-4645

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-3436

Trust: 0.2

url:http://www.debian.org/security/faq

Trust: 0.2

url:http://www.debian.org/security/

Trust: 0.2

url:https://www.hp.com/go/swa

Trust: 0.2

url:http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&amp;r2=1098902

Trust: 0.1

url:http://svn.apache.org/viewvc?view=revision&amp;revision=1098188

Trust: 0.1

url:http://svn.apache.org/viewvc?view=revision&amp;revision=1098799

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=132033751509019&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=134987041210674&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=131551295528105&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=131731002122529&amp;w=2

Trust: 0.1

url:http://www.mail-archive.com/dev@apr.apache.org/msg23961.html

Trust: 0.1

url:http://www.mail-archive.com/dev@apr.apache.org/msg23960.html

Trust: 0.1

url:http://www.mail-archive.com/dev@apr.apache.org/msg23976.html

Trust: 0.1

url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4409

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1468

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1148

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1467

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1470

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2202

Trust: 0.1

url:http://h18000.www1.hp.com/products/servers/management/agents/index.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0037

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2192

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2791

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3189

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0419

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0840

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201405-24.xml

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0840

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1623

Trust: 0.1

url:https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxwsatw318

Trust: 0.1

url:http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348f82@minotaur.apache.org%3e

Trust: 0.1

url:https://ftp.usa.hp.com/hprc/home

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0031

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3607

Trust: 0.1

url:http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://store.mandriva.com/product_info.php?cpath=149&amp;products_id=490

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1928

Trust: 0.1

url:https://h20392.www2.hp.com/portal/swdepot/try.do?productnumber=hpuxwsatw319

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3348

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0259

Trust: 0.1

url:http://tomcat.apache.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0411

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0187

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0230

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0226

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0097

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4022

Trust: 0.1

url:http://support.apple.com/kb/ht5000

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2089

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0229

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0260

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3613

Trust: 0.1

url:http://www.freetype.org/

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://httpd.apache.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1634

Trust: 0.1

url:http://www.libpng.org/pub/png/libpng.html

Trust: 0.1

url:http://www.php.net/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4172

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0249

Trust: 0.1

url:http://mail.python.org/pipermail/mailman-

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0250

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1157

Trust: 0.1

url:http://www.postfix.org/announcements/postfix-2.7.3.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0224

Trust: 0.1

url:http://www.python.org/download/releases/

Trust: 0.1

sources: VULHUB: VHN-48364 // BID: 47820 // JVNDB: JVNDB-2011-001638 // PACKETSTORM: 111915 // PACKETSTORM: 126689 // PACKETSTORM: 101599 // PACKETSTORM: 105356 // PACKETSTORM: 117251 // PACKETSTORM: 101435 // PACKETSTORM: 101611 // PACKETSTORM: 106416 // PACKETSTORM: 105738 // NVD: CVE-2011-0419

CREDITS

HP

Trust: 0.4

sources: PACKETSTORM: 111915 // PACKETSTORM: 105356 // PACKETSTORM: 117251 // PACKETSTORM: 106416

SOURCES

db:VULHUBid:VHN-48364
db:BIDid:47820
db:JVNDBid:JVNDB-2011-001638
db:PACKETSTORMid:111915
db:PACKETSTORMid:126689
db:PACKETSTORMid:101599
db:PACKETSTORMid:105356
db:PACKETSTORMid:117251
db:PACKETSTORMid:101435
db:PACKETSTORMid:101611
db:PACKETSTORMid:106416
db:PACKETSTORMid:105738
db:NVDid:CVE-2011-0419

LAST UPDATE DATE

2024-11-08T20:21:16.506000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-48364date:2018-01-06T00:00:00
db:BIDid:47820date:2015-05-07T17:06:00
db:JVNDBid:JVNDB-2011-001638date:2015-04-22T00:00:00
db:NVDid:CVE-2011-0419date:2024-04-02T18:46:47.630

SOURCES RELEASE DATE

db:VULHUBid:VHN-48364date:2011-05-16T00:00:00
db:BIDid:47820date:2011-05-12T00:00:00
db:JVNDBid:JVNDB-2011-001638date:2011-05-27T00:00:00
db:PACKETSTORMid:111915date:2012-04-17T20:34:39
db:PACKETSTORMid:126689date:2014-05-19T03:19:12
db:PACKETSTORMid:101599date:2011-05-21T14:45:49
db:PACKETSTORMid:105356date:2011-09-28T18:18:28
db:PACKETSTORMid:117251date:2012-10-10T02:28:54
db:PACKETSTORMid:101435date:2011-05-15T20:49:35
db:PACKETSTORMid:101611date:2011-05-23T14:26:23
db:PACKETSTORMid:106416date:2011-10-29T12:14:00
db:PACKETSTORMid:105738date:2011-10-13T02:35:35
db:NVDid:CVE-2011-0419date:2011-05-16T17:55:02.387