All the vulnerabilites related to Red Hat, Inc. - Red Hat Enterprise Linux Extras
jvndb-2007-000329
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-06-06 16:22
Severity ?
() - -
Summary
Java Web Start vulnerable to execution of unauthorized system classes
Details
Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes. Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an unauthorized system class.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000329.html",
  "dc:date": "2008-06-06T16:22+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-06-06T16:22+09:00",
  "description": "Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes.\r\n\r\nJava Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web.  A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an unauthorized system class.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000329.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:allied_telesis_k.k.:ssl_vpn-plus",
      "@product": "SSL VPN-Plus",
      "@vendor": "Allied Telesis",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:allied_telesis_k.k.:swimradius",
      "@product": "SwimRadius",
      "@vendor": "Allied Telesis",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:bea:jrockit",
      "@product": "BEA JRockit",
      "@vendor": "BEA Systems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:tw703000",
      "@product": "TW703000",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:websam_deploymentmanager",
      "@product": "WebSAM DeploymentManager",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux Extras",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_desktop_supplementary",
      "@product": "RHEL Desktop Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_supplementary",
      "@product": "RHEL Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:jdk",
      "@product": "JDK",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:jre",
      "@product": "JRE",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:sdk",
      "@product": "SDK",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.5",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000329",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN44724673/index.html",
      "@id": "JVN#44724673",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435",
      "@id": "CVE-2007-2435",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2435",
      "@id": "CVE-2007-2435",
      "@source": "NVD"
    },
    {
      "#text": "http://www.jpcert.or.jp/wr/2007/wr071701.txt",
      "@id": "JPCERT-WR-2007-1701",
      "@source": "JPCERT-WR"
    },
    {
      "#text": "http://secunia.com/advisories/25069/",
      "@id": "SA25069",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/23728",
      "@id": "23728",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/33984",
      "@id": "33984",
      "@source": "XF"
    },
    {
      "#text": "http://www.securitytracker.com/id?1017986",
      "@id": "1017986",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/1598",
      "@id": "FrSIRT/ADV-2007-1598",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Java Web Start vulnerable to execution of unauthorized system classes"
}

jvndb-2007-000818
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-06-20 13:34
Severity ?
() - -
Summary
Flash Player allows to send arbitrary HTTP headers
Details
Adobe Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack. Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack. This vulnerability is different from JVN#72595280.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000818.html",
  "dc:date": "2008-06-20T13:34+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-06-20T13:34+09:00",
  "description": "Adobe Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack.\r\n\r\nAdobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.\r\nFlash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack.\r\n\r\nThis vulnerability is different from JVN#72595280.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000818.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:adobe:flash_player",
      "@product": "Adobe Flash Player",
      "@vendor": "Adobe Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux Extras",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_desktop_supplementary",
      "@product": "RHEL Desktop Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_supplementary",
      "@product": "RHEL Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:opensolaris",
      "@product": "OpenSolaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000818",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN50876069/index.html",
      "@id": "JVN#50876069",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA07-355A/index.html",
      "@id": "TRTA07-355A",
      "@source": "JVNTR"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-100A/",
      "@id": "TRTA08-100A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245",
      "@id": "CVE-2007-6245",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6245",
      "@id": "CVE-2007-6245",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-100A.html",
      "@id": "SA08-100A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA07-355A.html",
      "@id": "SA07-355A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html",
      "@id": "TA08-100A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html",
      "@id": "TA07-355A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/28161",
      "@id": "SA28161",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/39134",
      "@id": "39134",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1019116",
      "@id": "1019116",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/4258",
      "@id": "FrSIRT/ADV-2007-4258",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    }
  ],
  "title": "Flash Player allows to send arbitrary HTTP headers"
}

jvndb-2008-000016
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-10-09 13:35
Severity ?
() - -
Summary
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Details
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations. The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html",
  "dc:date": "2008-10-09T13:35+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-10-09T13:35+09:00",
  "description": "The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.\r\n\r\nThe Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:electronic_form_workflow",
      "@product": "Electronic Form Workflow",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_client",
      "@product": "uCosminexus Client",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_operator",
      "@product": "uCosminexus Operator",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service",
      "@product": "uCosminexus Service",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux Extras",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_desktop_supplementary",
      "@product": "RHEL Desktop Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_supplementary",
      "@product": "RHEL Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:jdk",
      "@product": "JDK",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:jre",
      "@product": "JRE",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:sdk",
      "@product": "SDK",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-000016",
  "sec:references": [
    {
      "#text": "http://jvn.jp/cert/JVNTA08-066A/index.html",
      "@id": "JVNTA08-066A",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/en/jp/JVN04032535/index.html",
      "@id": "JVN#04032535",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/tr/TRTA08-066A/index.html",
      "@id": "TRTA08-066A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187",
      "@id": "CVE-2008-1187",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1187",
      "@id": "CVE-2008-1187",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/english/vuln/200803_JRE_press_en.html",
      "@id": "Security Alert for Vulnerability In Sun JRE (Java Runtime Environment) XSLT Transformations",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.us-cert.gov/cas/alerts/SA08-066A.html",
      "@id": "SA08-066A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html",
      "@id": "TA08-066A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/29273",
      "@id": "SA29273",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/28083",
      "@id": "28083",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/41025",
      "@id": "41025",
      "@source": "XF"
    },
    {
      "#text": "http://www.securitytracker.com/id?1019548",
      "@id": "1019548",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2008/0770",
      "@id": "FrSIRT/ADV-2008-0770",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html",
      "@id": "JVNDB-2008-000016",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations"
}

jvndb-2007-000817
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2009-02-10 11:32
Severity ?
() - -
Summary
Flash Player vulnerable in handling cross-domain policy files
Details
Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files. Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe's "About allowing cross-domain data loading", "When a Flash document attempts to access data from another domain, Flash Player automatically attempts to load a policy file from that domain. If the domain of the Flash document that is attempting to access the data is included in the policy file, the data is automatically accessible." Flash Player contains a vulnerability that may allow a specially crafted web page to be interpreted as a cross-domain policy file because the plugin fails to properly handle cross-domain policy files.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000817.html",
  "dc:date": "2009-02-10T11:32+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2009-02-10T11:32+09:00",
  "description": "Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files.\r\n\r\nAdobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.\r\nAccording to Adobe\u0027s \"About allowing cross-domain data loading\", \"When a Flash document attempts to access data from another domain, Flash Player automatically attempts to load a policy file from that domain. If the domain of the Flash document that is attempting to access the data is included in the policy file, the data is automatically accessible.\"\r\nFlash Player contains a vulnerability that may allow a specially crafted web page to be interpreted as a cross-domain policy file because the plugin fails to properly handle cross-domain policy files.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000817.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:adobe:flash_player",
      "@product": "Adobe Flash Player",
      "@vendor": "Adobe Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux Extras",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_desktop_supplementary",
      "@product": "RHEL Desktop Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_supplementary",
      "@product": "RHEL Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:opensolaris",
      "@product": "OpenSolaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
      "@product": "wizpy",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000817",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN45675516/index.html",
      "@id": "JVN#45675516",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA07-355A/index.html",
      "@id": "TRTA07-355A",
      "@source": "JVNTR"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-100A/",
      "@id": "TRTA08-100A",
      "@source": "JVNTR"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
      "@id": "TRTA08-150A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243",
      "@id": "CVE-2007-6243",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6243",
      "@id": "CVE-2007-6243",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
      "@id": "SA08-150A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
      "@id": "TA08-150A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/28161",
      "@id": "SA28161",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/39129",
      "@id": "39129",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1019116",
      "@id": "1019116",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/4258",
      "@id": "FrSIRT/ADV-2007-4258",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2008/2838",
      "@id": "FrSIRT/ADV-2008-2838",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000817.html",
      "@id": "JVNDB-2007-000817",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Flash Player vulnerable in handling cross-domain policy files"
}

jvndb-2010-000054
Vulnerability from jvndb
Published
2010-11-09 19:59
Modified
2011-02-01 16:22
Severity ?
() - -
Summary
Flash Player access restriction bypass vulnerability
Details
Flash Player contains an access restriction bypass vulnerability. When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file. Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000054.html",
  "dc:date": "2011-02-01T16:22+09:00",
  "dcterms:issued": "2010-11-09T19:59+09:00",
  "dcterms:modified": "2011-02-01T16:22+09:00",
  "description": "Flash Player contains an access restriction bypass vulnerability.\r\n\r\nWhen Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file.\r\n\r\nFlash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000054.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:adobe:flash_player",
      "@product": "Adobe Flash Player",
      "@vendor": "Adobe Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux Extras",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_desktop_supplementary",
      "@product": "RHEL Desktop Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_server_supplementary",
      "@product": "Red Hat Enterprise Linux Server Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_supplementary",
      "@product": "RHEL Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_workstation_supplementary",
      "@product": "Red Hat Enterprise Linux Workstation Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:oracle:solaris",
      "@product": "Oracle Solaris",
      "@vendor": "Oracle Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-000054",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN48425028/index.html",
      "@id": "JVN#48425028",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/cert/JVNVU331391",
      "@id": "JVNVU#331391",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636",
      "@id": "CVE-2010-3636",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3636",
      "@id": "CVE-2010-3636",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/42183",
      "@id": "SA42183",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/44691",
      "@id": "44691",
      "@source": "BID"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2010/2903",
      "@id": "VUPEN/ADV-2010-2903",
      "@source": "VUPEN"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2010/2906",
      "@id": "VUPEN/ADV-2010-2906",
      "@source": "VUPEN"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2010/2918",
      "@id": "VUPEN/ADV-2010-2918",
      "@source": "VUPEN"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Flash Player access restriction bypass vulnerability"
}