All the vulnerabilites related to Turbolinux, Inc. - Turbolinux Server
jvndb-2005-000163
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters
Details
Sylpheed does not validate input data properly, which could lead to buffer overflow when it receives a message with the header containing non-ASCII characters.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000163.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Sylpheed does not validate input data properly, which could lead to buffer overflow when it receives a message with the header containing non-ASCII characters.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000163.html", "sec:cpe": [ { "#text": "cpe:/a:sylpheed:sylpheed", "@product": "Sylpheed", "@vendor": "Sylpheed", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_workstation", "@product": "Turbolinux Workstation", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.1", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000163", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0667", "@id": "CVE-2005-0667", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0667", "@id": "CVE-2005-0667", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/14491/", "@id": "SA14491", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/12730", "@id": "12730", "@source": "BID" } ], "title": "Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters" }
jvndb-2007-000295
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2009-08-06 11:39
Summary
APOP password recovery vulnerability
Details
POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.
It is reported that APOP passwords could be recovered by third parties.
In its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html", "dc:date": "2009-08-06T11:39+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2009-08-06T11:39+09:00", "description": "POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.\r\n\r\nIt is reported that APOP passwords could be recovered by third parties.\r\n\r\nIn its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html", "sec:cpe": [ { "#text": "cpe:/a:claws_mail:claws_mail", "@product": "Claws Mail", "@vendor": "Claws Mail", "@version": "2.2" }, { "#text": "cpe:/a:fetchmail:fetchmail", "@product": "Fetchmail", "@vendor": "Fetchmail Project", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:seamonkey", "@product": "Mozilla SeaMonkey", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:thunderbird", "@product": "Mozilla Thunderbird", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mutt:mutt", "@product": "Mutt", "@vendor": "Mutt", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_optional_productivity_applications", "@product": "RHEL Optional Productivity Applications", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sylpheed:sylpheed", "@product": "Sylpheed", "@vendor": "Sylpheed", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_eus", "@product": "Red Hat Enterprise Linux EUS", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_wizpy", "@product": "wizpy", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.4", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:C/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000295", "sec:references": [ { "#text": "http://jvn.jp/cert/JVNTA07-151A/index.html", "@id": "JVNTA07-151A", "@source": "JVN" }, { "#text": "http://jvn.jp/en/jp/JVN19445002/index.html", "@id": "JVN#19445002", "@source": "JVN" }, { "#text": "http://jvn.jp/tr/TRTA07-151A/index.html", "@id": "TRTA07-151A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558", "@id": "CVE-2007-1558", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558", "@id": "CVE-2007-1558", "@source": "NVD" }, { "#text": "http://www.us-cert.gov/cas/alerts/SA07-151A.html", "@id": "SA07-151A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html", "@id": "TA07-151A", "@source": "CERT-TA" }, { "#text": "http://www.securityfocus.com/bid/23257", "@id": "23257", "@source": "BID" }, { "#text": "http://www.securitytracker.com/id?1018008", "@id": "1018008", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1466", "@id": "FrSIRT/ADV-2007-1466", "@source": "FRSIRT" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1480", "@id": "FrSIRT/ADV-2007-1480", "@source": "FRSIRT" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1468", "@id": "FrSIRT/ADV-2007-1468", "@source": "FRSIRT" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1467", "@id": "FrSIRT/ADV-2007-1467", "@source": "FRSIRT" }, { "#text": "http://www.ietf.org/rfc/rfc1939.txt", "@id": "RFC1939:Post Office Protocol - Version 3", "@source": "IETF" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "APOP password recovery vulnerability" }
jvndb-2005-000199
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Sylpheed Filename Buffer Overflow Vulnerability
Details
Sylpheed contains a buffer overflow vulnerability exploitable via attachements with MIME-encoded filename.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000199.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Sylpheed contains a buffer overflow vulnerability exploitable via attachements with MIME-encoded filename.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000199.html", "sec:cpe": [ { "#text": "cpe:/a:sylpheed:sylpheed", "@product": "Sylpheed", "@vendor": "Sylpheed", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_workstation", "@product": "Turbolinux Workstation", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.1", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000199", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0926", "@id": "CVE-2005-0926", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0926", "@id": "CVE-2005-0926", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/12934", "@id": "12934", "@source": "BID" } ], "title": "Sylpheed Filename Buffer Overflow Vulnerability" }
jvndb-2005-000396
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Ruby XMLRPC Arbitrary Command Execution Vulnerability
Details
utils.rb in The Ruby XMLRPC server sets an insecure default value for the public_instance_methods function, which could cause the highly privileged function to be exposed.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000396.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "utils.rb in The Ruby XMLRPC server sets an insecure default value for the public_instance_methods function, which could cause the highly privileged function to be exposed.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000396.html", "sec:cpe": [ { "#text": "cpe:/a:ruby-lang:ruby", "@product": "Ruby", "@vendor": "Ruby", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000396", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1992", "@id": "CVE-2005-1992", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-1992", "@id": "CVE-2005-1992", "@source": "NVD" }, { "#text": "http://www.kb.cert.org/vuls/id/684913", "@id": "VU#684913", "@source": "CERT-VN" }, { "#text": "http://secunia.com/advisories/15767/", "@id": "SA15767", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/14016", "@id": "14016", "@source": "BID" }, { "#text": "http://securitytracker.com/alerts/2005/Jun/1014253.html", "@id": "1014253", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2005/0833", "@id": "FrSIRT/ADV-2005-0833", "@source": "FRSIRT" } ], "title": "Ruby XMLRPC Arbitrary Command Execution Vulnerability" }
jvndb-2004-000473
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Ruby cgi.rb Denial of Service Vulnerability
Details
Ruby cgi.rb enters an infinite loop which leads it into Ddenial of Service (DoS) due to improper input validation.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000473.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Ruby cgi.rb enters an infinite loop which leads it into Ddenial of Service (DoS) due to improper input validation.", "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000473.html", "sec:cpe": [ { "#text": "cpe:/a:ruby-lang:ruby", "@product": "Ruby", "@vendor": "Ruby", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_workstation", "@product": "Turbolinux Workstation", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2004-000473", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983", "@id": "CVE-2004-0983", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0983", "@id": "CVE-2004-0983", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/13123/", "@id": "SA13123", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/11618", "@id": "11618", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/17985", "@id": "17985", "@source": "XF" }, { "#text": "http://securitytracker.com/id?1012120", "@id": "1012120", "@source": "SECTRACK" } ], "title": "Ruby cgi.rb Denial of Service Vulnerability" }
jvndb-2005-000530
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Vulnerability in multiple web browsers allowing request spoofing attacks
Details
Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page.
In general, JavaScript only allows communication within the same domain of the web page; however, an attacker could bypass this restriction by exploiting this vulnerability.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000530.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page.\r\n\r\nIn general, JavaScript only allows communication within the same domain of the web page; however, an attacker could bypass this restriction by exploiting this vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000530.html", "sec:cpe": [ { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:mozilla_suite", "@product": "Mozilla Suite", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000530", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN31226748/", "@id": "JVN#31226748", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703", "@id": "CVE-2005-2703", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2703", "@id": "CVE-2005-2703", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/16911/", "@id": "SA16911", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/14923", "@id": "14923", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2005/1824", "@id": "FrSIRT/ADV-2005-1824", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-94", "@title": "Code Injection(CWE-94)" } ], "title": "Vulnerability in multiple web browsers allowing request spoofing attacks" }
jvndb-2006-000753
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Ruby cgi.rb Denial of Service Vulnerability
Details
The cig.rb class in Ruby cannot handle HTTP requests with MIME multipart data set with an invalid boundry, which could trigger an infinate loop and result in consuming a large amount of CPU respurces.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000753.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "The cig.rb class in Ruby cannot handle HTTP requests with MIME multipart data set with an invalid boundry, which could trigger an infinate loop and result in consuming a large amount of CPU respurces.", "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000753.html", "sec:cpe": [ { "#text": "cpe:/a:ruby-lang:ruby", "@product": "Ruby", "@vendor": "Ruby", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2006-000753", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467", "@id": "CVE-2006-5467", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5467", "@id": "CVE-2006-5467", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/13123/", "@id": "SA13123", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/20777", "@id": "20777", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2006/4244", "@id": "FrSIRT/ADV-2006-4244", "@source": "FRSIRT" } ], "title": "Ruby cgi.rb Denial of Service Vulnerability" }
jvndb-2005-000601
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2014-05-22 18:04
Summary
OpenSSL version rollback vulnerability
Details
OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on the communication path.
RFC 2246, defining the TLS protocol, defines that when TLS 1.0 is available, SSL 2.0 should not be used in order to avoid version rollback attacks.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html", "dc:date": "2014-05-22T18:04+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2014-05-22T18:04+09:00", "description": "OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on the communication path.\r\n\r\nRFC 2246, defining the TLS protocol, defines that when TLS 1.0 is available, SSL 2.0 should not be used in order to avoid version rollback attacks.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise", "@product": "Cosminexus Application Server Enterprise", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_application_server_standard", "@product": "Cosminexus Application Server Standard", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5", "@product": "Cosminexus Application Server Version 5", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6", "@product": "Cosminexus Developer Light Version 6", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6", "@product": "Cosminexus Developer Professional Version 6", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6", "@product": "Cosminexus Developer Standard Version 6", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer_version_5", "@product": "Cosminexus Developer Version 5", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition", "@product": "Cosminexus Server - Enterprise Edition", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition", "@product": "Cosminexus Server - Standard Edition", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4", "@product": "Cosminexus Server - Standard Edition Version 4", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition", "@product": "Cosminexus Server - Web Edition", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4", "@product": "Cosminexus Server - Web Edition Version 4", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "@product": "uCosminexus Application Server Enterprise", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition", "@product": "uCosminexus Application Server Smart Edition", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard", "@product": "uCosminexus Application Server Standard", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer_light", "@product": "uCosminexus Developer Light", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer_standard", "@product": "uCosminexus Developer Standard", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service_architect", "@product": "uCosminexus Service Architect", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service_platform", "@product": "uCosminexus Service Platform", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:openssl:openssl", "@product": "OpenSSL", "@vendor": "OpenSSL Project", "@version": "2.2" }, { "#text": "cpe:/a:trendmicro:interscan_messaging_security_suite", "@product": "InterScan Messaging Security Suite", "@vendor": "Trend Micro, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:trendmicro:interscan_viruswall", "@product": "TrendMicro InterScan VirusWall", "@vendor": "Trend Micro, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:trendmicro:interscan_web_security_suite", "@product": "TrendMicro InterScan Web Security Suite", "@vendor": "Trend Micro, Inc.", "@version": "2.2" }, { "#text": "cpe:/h:fujitsu:fmse-c301", "@product": "FMSE-C301", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/h:fujitsu:ipcom", "@product": "IPCOM Series", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_wizpy", "@product": "wizpy", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000601", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN23632449/index.html", "@id": "JVN#23632449", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969", "@id": "CVE-2005-2969", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2969", "@id": "CVE-2005-2969", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/17151/", "@id": "SA17151", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/15071", "@id": "15071", "@source": "BID" }, { "#text": "http://www.securiteam.com/securitynews/6Y00D0AEBW.html", "@id": "6Y00D0AEBW", "@source": "SECTEAM" }, { "#text": "http://www.frsirt.com/english/advisories/2005/2036", "@id": "FrSIRT/ADV-2005-2036", "@source": "FRSIRT" } ], "title": "OpenSSL version rollback vulnerability" }
jvndb-2007-000176
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Mozilla Firefox cross-site scripting vulnerability
Details
Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability.
Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000176.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability.\r\n\r\nMozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000176.html", "sec:cpe": [ { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:seamonkey", "@product": "Mozilla SeaMonkey", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_optional_productivity_applications", "@product": "RHEL Optional Productivity Applications", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000176", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN38605899/index.html", "@id": "JVN#38605899", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995", "@id": "CVE-2007-0995", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0995", "@id": "CVE-2007-0995", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/24205/", "@id": "SA24205", "@source": "SECUNIA" }, { "#text": "http://secunia.com/advisories/24238/", "@id": "SA24238", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/22694", "@id": "22694", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2007/0718", "@id": "FrSIRT/ADV-2007-0718", "@source": "FRSIRT" } ], "title": "Mozilla Firefox cross-site scripting vulnerability" }
jvndb-2005-000727
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2014-05-22 18:03
Summary
mod_imap cross-site scripting vulnerability
Details
The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing.
mod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html", "dc:date": "2014-05-22T18:03+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2014-05-22T18:03+09:00", "description": "The \"mod_imap\" and \"mod_imagemap\" modules of the Apache HTTP Server are used for implementing server-side image map processing.\r\nmod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html", "sec:cpe": [ { "#text": "cpe:/a:apache:http_server", "@product": "Apache HTTP Server", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise", "@product": "Cosminexus Application Server Enterprise", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_application_server_standard", "@product": "Cosminexus Application Server Standard", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5", "@product": "Cosminexus Application Server Version 5", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6", "@product": "Cosminexus Developer Light Version 6", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6", "@product": "Cosminexus Developer Professional Version 6", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6", "@product": "Cosminexus Developer Standard Version 6", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer_version_5", "@product": "Cosminexus Developer Version 5", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition", "@product": "Cosminexus Server - Enterprise Edition", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition", "@product": "Cosminexus Server - Standard Edition", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4", "@product": "Cosminexus Server - Standard Edition Version 4", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition", "@product": "Cosminexus Server - Web Edition", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4", "@product": "Cosminexus Server - Web Edition Version 4", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "@product": "uCosminexus Application Server Enterprise", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition", "@product": "uCosminexus Application Server Smart Edition", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard", "@product": "uCosminexus Application Server Standard", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer_light", "@product": "uCosminexus Developer Light", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer_standard", "@product": "uCosminexus Developer Standard", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service_architect", "@product": "uCosminexus Service Architect", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service_platform", "@product": "uCosminexus Service Platform", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:ibm:http_server", "@product": "IBM HTTP Server", "@vendor": "IBM Corporation", "@version": "2.2" }, { "#text": "cpe:/a:oracle:http_server", "@product": "Oracle HTTP Server", "@vendor": "Oracle Corporation", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x", "@product": "Apple Mac OS X", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000727", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN06045169/index.html", "@id": "JVN#06045169", "@source": "JVN" }, { "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html", "@id": "TRTA08-079A", "@source": "JVNTR" }, { "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html", "@id": "TRTA08-150A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352", "@id": "CVE-2005-3352", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3352", "@id": "CVE-2005-3352", "@source": "NVD" }, { "#text": "http://www.us-cert.gov/cas/alerts/SA08-079A.html", "@id": "SA08-079A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html", "@id": "SA08-150A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html", "@id": "TA08-079A", "@source": "CERT-TA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "@id": "TA08-150A", "@source": "CERT-TA" }, { "#text": "http://www.securityfocus.com/bid/15834", "@id": "15834", "@source": "BID" } ], "title": "mod_imap cross-site scripting vulnerability" }
jvndb-2004-000323
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Ruby CGI Session Management Insecure File Permission Vulnerability
Details
Ruby uses CGI::Session's FileStore. FileStore creates a session file with improper permission and this could lead to session information leak.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000323.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Ruby uses CGI::Session\u0027s FileStore. FileStore creates a session file with improper permission and this could lead to session information leak.", "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000323.html", "sec:cpe": [ { "#text": "cpe:/a:ruby-lang:ruby", "@product": "Ruby", "@vendor": "Ruby", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_workstation", "@product": "Turbolinux Workstation", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "2.1", "@severity": "Low", "@type": "Base", "@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2004-000323", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0755", "@id": "CVE-2004-0755", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0755", "@id": "CVE-2004-0755", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/10946", "@id": "10946", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/16996", "@id": "16996", "@source": "XF" } ], "title": "Ruby CGI Session Management Insecure File Permission Vulnerability" }
jvndb-2007-000819
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2013-07-18 18:58
Summary
Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
Details
mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.
The Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html", "dc:date": "2013-07-18T18:58+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2013-07-18T18:58+09:00", "description": "mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.\r\n\r\nThe Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.\r\nThe Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html", "sec:cpe": [ { "#text": "cpe:/a:apache:http_server", "@product": "Apache HTTP Server", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "@product": "Systemwalker Resource Coordinator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server", "@product": "Cosminexus Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:ibm:http_server", "@product": "IBM HTTP Server", "@vendor": "IBM Corporation", "@version": "2.2" }, { "#text": "cpe:/a:oracle:http_server", "@product": "Oracle HTTP Server", "@vendor": "Oracle Corporation", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_application_stack", "@product": "Red Hat Application Stack", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/h:nec:wanbooster", "@product": "WanBooster", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x", "@product": "Apple Mac OS X", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000819", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN80057925/index.html", "@id": "JVN#80057925", "@source": "JVN" }, { "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html", "@id": "TRTA08-079A", "@source": "JVNTR" }, { "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html", "@id": "TRTA08-150A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000", "@id": "CVE-2007-5000", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5000", "@id": "CVE-2007-5000", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/28046", "@id": "SA28046", "@source": "SECUNIA" }, { "#text": "http://secunia.com/advisories/28073", "@id": "SA28073", "@source": "SECUNIA" }, { "#text": "http://www.frsirt.com/english/advisories/2007/4201", "@id": "FrSIRT/ADV-2007-4201", "@source": "FRSIRT" }, { "#text": "http://www.frsirt.com/english/advisories/2007/4202", "@id": "FrSIRT/ADV-2007-4202", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Cross-site scripting vulnerability in Apache HTTP Server \"mod_imap\" and \"mod_imagemap\"" }
jvndb-2008-000021
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-07-29 14:54
Summary
Mozilla Firefox cross-site scripting vulnerability
Details
Mozilla Firefox web browser contains a cross-site scripting vulnerability.
Mozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000021.html", "dc:date": "2008-07-29T14:54+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-07-29T14:54+09:00", "description": "Mozilla Firefox web browser contains a cross-site scripting vulnerability.\r\n\r\nMozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000021.html", "sec:cpe": [ { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:opensolaris", "@product": "OpenSolaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_wizpy", "@product": "wizpy", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000021", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN21563357/index.html", "@id": "JVN#21563357", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416", "@id": "CVE-2008-0416", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0416", "@id": "CVE-2008-0416", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/29303", "@id": "29303", "@source": "BID" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Mozilla Firefox cross-site scripting vulnerability" }
jvndb-2008-000084
Vulnerability from jvndb
Published
2008-12-19 15:37
Modified
2010-10-19 17:40
Summary
PHP vulnerable to cross-site scripting
Details
PHP contains a cross-site scripting vulnerability.
PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors.
Tomoki Sanaki of International Network Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html", "dc:date": "2010-10-19T17:40+09:00", "dcterms:issued": "2008-12-19T15:37+09:00", "dcterms:modified": "2010-10-19T17:40+09:00", "description": "PHP contains a cross-site scripting vulnerability.\r\n\r\nPHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors.\r\n\r\nTomoki Sanaki of International Network Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html", "sec:cpe": [ { "#text": "cpe:/a:php:php", "@product": "PHP", "@vendor": "The PHP Group", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_client", "@product": "Turbolinux Client", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000084", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN50327700/index.html", "@id": "JVN#50327700", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5814", "@id": "CVE-2008-5814", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5814", "@id": "CVE-2008-5814", "@source": "NVD" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000084.html", "@id": "JVNDB-2008-000084 ", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "PHP vulnerable to cross-site scripting" }
jvndb-2003-000149
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
lv Arbitrary Command Execution Vulnerability
Details
lv contains a vulnerability of reading and running a .lv file in the current directry.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000149.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "lv contains a vulnerability of reading and running a .lv file in the current directry.", "link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000149.html", "sec:cpe": [ { "#text": "cpe:/a:lv:lv", "@product": "lv", "@vendor": "NARITA Tomio ", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux", "@product": "Red Hat Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_workstation", "@product": "Turbolinux Workstation", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "7.2", "@severity": "High", "@type": "Base", "@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "@version": "2.0" }, "sec:identifier": "JVNDB-2003-000149", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0188", "@id": "CVE-2003-0188", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-0188", "@id": "CVE-2003-0188", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/7613", "@id": "7613", "@source": "BID" } ], "title": "lv Arbitrary Command Execution Vulnerability" }
jvndb-2007-001022
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2009-11-16 11:52
Summary
Apache UTF-7 Encoding Cross-Site Scripting Vulnerability
Details
The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html", "dc:date": "2009-11-16T11:52+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2009-11-16T11:52+09:00", "description": "The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html", "sec:cpe": [ { "#text": "cpe:/a:apache:http_server", "@product": "Apache HTTP Server", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "@product": "Systemwalker Resource Coordinator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-001022", "sec:references": [ { "#text": "http://jvn.jp/en/tr/TRTA08-150A/index.html", "@id": "TRTA08-150A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465", "@id": "CVE-2007-4465", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465", "@id": "CVE-2007-4465", "@source": "NVD" }, { "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html", "@id": "SA08-150A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "@id": "TA08-150A", "@source": "CERT-TA" }, { "#text": "http://www.securityfocus.com/bid/25653", "@id": "25653", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/36586", "@id": "36586", "@source": "XF" }, { "#text": "http://www.securitytracker.com/id?1019194", "@id": "1019194", "@source": "SECTRACK" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Apache UTF-7 Encoding Cross-Site Scripting Vulnerability" }
jvndb-2006-000808
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-11-14 12:20
Summary
Denial of service vulnerability in Ruby CGI library (cgi.rb)
Details
cgi.rb, a standard library in Ruby, contains a denial of service vulnerability.
This vulnerability is different from CVE-2006-5467.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000808.html", "dc:date": "2008-11-14T12:20+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-11-14T12:20+09:00", "description": "cgi.rb, a standard library in Ruby, contains a denial of service vulnerability.\r\n\r\nThis vulnerability is different from CVE-2006-5467.", "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000808.html", "sec:cpe": [ { "#text": "cpe:/a:ruby-lang:ruby", "@product": "Ruby", "@vendor": "Ruby", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2006-000808", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN84798830/index.html", "@id": "JVN#84798830", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303", "@id": "CVE-2006-6303", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6303", "@id": "CVE-2006-6303", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/13123/", "@id": "SA13123", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/21441", "@id": "21441", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/30734", "@id": "30734", "@source": "XF" }, { "#text": "http://securitytracker.com/id?1017363", "@id": "1017363", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2006/4855", "@id": "FrSIRT/ADV-2006-4855", "@source": "FRSIRT" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000808.html", "@id": "JVNDB-2006-000808", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-399", "@title": "Resource Management Errors(CWE-399)" } ], "title": "Denial of service vulnerability in Ruby CGI library (cgi.rb)" }