All the vulnerabilites related to VMware - VMware ESX
jvndb-2009-000037
Vulnerability from jvndb
Published
2009-06-18 17:54
Modified
2012-09-28 13:40
Summary
Apache Tomcat denial of service (DoS) vulnerability
Details
Apache Tomcat from The Apache Software Foundation contains a denial of service (DoS) vulnerability.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
If Tomcat receives a request with an invalid header via the Java AJP connector, it will not return an error and instead closes the AJP connection. In case this connector is member of a mod_jk load balancing worker, this member will be put into an error state and will be blocked from use for approximately one minute. Thus the behavior can be used for a denial of service attack using a carefully crafted request.
According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.
For more information, refer to the developer's website.
Yoshihito Fukuyama of NTT OSS Center reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000037.html",
"dc:date": "2012-09-28T13:40+09:00",
"dcterms:issued": "2009-06-18T17:54+09:00",
"dcterms:modified": "2012-09-28T13:40+09:00",
"description": "Apache Tomcat from The Apache Software Foundation contains a denial of service (DoS) vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nIf Tomcat receives a request with an invalid header via the Java AJP connector, it will not return an error and instead closes the AJP connection. In case this connector is member of a mod_jk load balancing worker, this member will be put into an error state and will be blocked from use for approximately one minute. Thus the behavior can be used for a denial of service attack using a carefully crafted request.\r\n\r\nAccording to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\r\nFor more information, refer to the developer\u0027s website.\r\n\r\nYoshihito Fukuyama of NTT OSS Center reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000037.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:hp:tomcat-based_servlet_engine",
"@product": "HP-UX Tomcat-based Servlet Engine",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:infoframe_documentskipper",
"@product": "InfoFrame DocumentSkipper",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:server",
"@product": "VMware Server",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:vcenter",
"@product": "VMware vCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:virtualcenter",
"@product": "VMware VirtualCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_eus",
"@product": "Red Hat Enterprise Linux EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:opensolaris",
"@product": "OpenSolaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000037",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN87272440/index.html",
"@id": "JVN#87272440",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033",
"@id": "CVE-2009-0033",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0033",
"@id": "CVE-2009-0033",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/35326",
"@id": "SA35326",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/35344",
"@id": "SA35344",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/35193",
"@id": "35193",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/50928",
"@id": "50928",
"@source": "XF"
},
{
"#text": "http://securitytracker.com/alerts/2009/Jun/1022331.html",
"@id": "1022331",
"@source": "SECTRACK"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/1496",
"@id": "VUPEN/ADV-2009-1496",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Apache Tomcat denial of service (DoS) vulnerability"
}
jvndb-2012-000063
Vulnerability from jvndb
Published
2012-06-19 14:38
Modified
2012-12-26 18:01
Summary
Python SimpleHTTPServer vulnerable to cross-site scripting
Details
The SimpleHTTPServer in Python contains a cross-site scripting vulnerability.
Keigo Yamazaki of Little eArth Corporation Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Python Software Foundation | Python | |
| VMware | VMware ESX |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000063.html",
"dc:date": "2012-12-26T18:01+09:00",
"dcterms:issued": "2012-06-19T14:38+09:00",
"dcterms:modified": "2012-12-26T18:01+09:00",
"description": "The SimpleHTTPServer in Python contains a cross-site scripting vulnerability.\r\n\r\nKeigo Yamazaki of Little eArth Corporation Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000063.html",
"sec:cpe": [
{
"#text": "cpe:/a:python:python",
"@product": "Python",
"@vendor": "Python Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000063",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN51176027/index.html",
"@id": "JVN#51176027",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4940",
"@id": "CVE-2011-4940",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4940",
"@id": "CVE-2011-4940",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Python SimpleHTTPServer vulnerable to cross-site scripting"
}
jvndb-2011-002110
Vulnerability from jvndb
Published
2011-08-26 17:12
Modified
2012-12-26 11:37
Summary
Samba Web Administration Tool vulnerable to cross-site request forgery
Details
Samba Web Administration Tool (SWAT) contains a cross-site request forgery vulnerability.
Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability.
SWAT is disabled in a default configuration of Samba.
ISHIKAWA YOSHIHIRO of LAC reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002110.html",
"dc:date": "2012-12-26T11:37+09:00",
"dcterms:issued": "2011-08-26T17:12+09:00",
"dcterms:modified": "2012-12-26T11:37+09:00",
"description": "Samba Web Administration Tool (SWAT) contains a cross-site request forgery vulnerability.\r\n\r\nSamba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability.\r\n\r\nSWAT is disabled in a default configuration of Samba.\r\n\r\nISHIKAWA YOSHIHIRO of LAC reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002110.html",
"sec:cpe": [
{
"#text": "cpe:/a:redhat:rhel_server_eus",
"@product": "Red Hat Enterprise Linux Server EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:samba:samba",
"@product": "Samba",
"@vendor": "Samba Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_hpc_node",
"@product": "Red Hat Enterprise Linux HPC Node",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_server",
"@product": "Red Hat Enterprise Linux Server",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_workstation",
"@product": "Red Hat Enterprise Linux Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-002110",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN29529126/index.html",
"@id": "JVN#29529126",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522",
"@id": "CVE-2011-2522",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2522",
"@id": "CVE-2011-2522",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/45393",
"@id": "SA45393",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/48899",
"@id": "48899",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/68843",
"@id": "68843",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1025852",
"@id": "1025852",
"@source": "SECTRACK"
},
{
"#text": "http://osvdb.org/74071",
"@id": "74071",
"@source": "OSVDB"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Samba Web Administration Tool vulnerable to cross-site request forgery"
}
jvndb-2013-000084
Vulnerability from jvndb
Published
2013-09-06 13:59
Modified
2013-09-11 13:59
Summary
VMware ESX and ESXi vulnerable to directory traversal
Details
VMware ESX and ESXi contains a directory traversal vulnerability.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | VMware ESX | |
| VMware | VMware ESXi |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000084.html",
"dc:date": "2013-09-11T13:59+09:00",
"dcterms:issued": "2013-09-06T13:59+09:00",
"dcterms:modified": "2013-09-11T13:59+09:00",
"description": "VMware ESX and ESXi contains a directory traversal vulnerability.\r\n\r\nShanon Olsson reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000084.html",
"sec:cpe": [
{
"#text": "cpe:/o:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:vmware:esxi",
"@product": "VMware ESXi",
"@vendor": "VMware",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000084",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN72911629/index.html",
"@id": "JVN#72911629",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3658",
"@id": "CVE-2013-3658",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3658",
"@id": "CVE-2013-3658",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20130906-jvn.html",
"@id": "Security Alert for Vulnerability in VMware Products (JVN#72911629)(JVN#19847770)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://blog.shanonolsson.com/blog/2013/08/24/esxi-cim-services-authentication-bypass-and-remote-code-execution-vulnerabilities/",
"@id": "ESXi CIM Services Authentication Bypass and Remote Code Execution Vulnerabilities",
"@source": "Related Information"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "VMware ESX and ESXi vulnerable to directory traversal"
}
jvndb-2011-002111
Vulnerability from jvndb
Published
2011-08-26 17:14
Modified
2012-12-26 11:42
Summary
Samba Web Administration Tool vulnerable to cross-site scripting
Details
Samba Web Administration Tool contains a cross-site scripting vulnerability.
Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability.
SWAT is disabled in a default configuration of Samba.
nobuhiro tsuji of NTT DATA INTELLILINK CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002111.html",
"dc:date": "2012-12-26T11:42+09:00",
"dcterms:issued": "2011-08-26T17:14+09:00",
"dcterms:modified": "2012-12-26T11:42+09:00",
"description": "Samba Web Administration Tool contains a cross-site scripting vulnerability.\r\n\r\nSamba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability.\r\n\r\nSWAT is disabled in a default configuration of Samba.\r\n\r\nnobuhiro tsuji of NTT DATA INTELLILINK CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002111.html",
"sec:cpe": [
{
"#text": "cpe:/a:redhat:rhel_server_eus",
"@product": "Red Hat Enterprise Linux Server EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:samba:samba",
"@product": "Samba",
"@vendor": "Samba Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_hpc_node",
"@product": "Red Hat Enterprise Linux HPC Node",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_server",
"@product": "Red Hat Enterprise Linux Server",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_workstation",
"@product": "Red Hat Enterprise Linux Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-002111",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN63041502/index.html",
"@id": "JVN#63041502",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694",
"@id": "CVE-2011-2694",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2694",
"@id": "CVE-2011-2694",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/45393",
"@id": "SA45393",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/48901",
"@id": "48901",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/68844",
"@id": "68844",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1025852",
"@id": "1025852",
"@source": "SECTRACK"
},
{
"#text": "http://osvdb.org/74072",
"@id": "74072",
"@source": "OSVDB"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Samba Web Administration Tool vulnerable to cross-site scripting"
}
jvndb-2013-000085
Vulnerability from jvndb
Published
2013-09-06 14:03
Modified
2013-09-11 14:06
Summary
VMware ESX and ESXi vulnerable to buffer overflow
Details
VMware ESX and ESXi contains a buffer overflow vulnerability.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | VMware ESX | |
| VMware | VMware ESXi |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000085.html",
"dc:date": "2013-09-11T14:06+09:00",
"dcterms:issued": "2013-09-06T14:03+09:00",
"dcterms:modified": "2013-09-11T14:06+09:00",
"description": "VMware ESX and ESXi contains a buffer overflow vulnerability.\r\n\r\nShanon Olsson reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000085.html",
"sec:cpe": [
{
"#text": "cpe:/o:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:vmware:esxi",
"@product": "VMware ESXi",
"@vendor": "VMware",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000085",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN19847770/index.html",
"@id": "JVN#19847770",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3657",
"@id": "CVE-2013-3657",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3657",
"@id": "CVE-2013-3657",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20130906-jvn.html",
"@id": "Security Alert for Vulnerability in VMware Products (JVN#72911629)(JVN#19847770)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://blog.shanonolsson.com/blog/2013/08/24/esxi-cim-services-authentication-bypass-and-remote-code-execution-vulnerabilities/",
"@id": "ESXi CIM Services Authentication Bypass and Remote Code Execution Vulnerabilities",
"@source": "Related Information"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "VMware ESX and ESXi vulnerable to buffer overflow"
}
jvndb-2009-000036
Vulnerability from jvndb
Published
2009-06-18 17:53
Modified
2012-09-28 13:35
Summary
Apache Tomcat information disclosure vulnerability
Details
Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory.
According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.
For more information, refer to the developer's website.
Minehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html",
"dc:date": "2012-09-28T13:35+09:00",
"dcterms:issued": "2009-06-18T17:53+09:00",
"dcterms:modified": "2012-09-28T13:35+09:00",
"description": "Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory.\r\n\r\nAccording to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\r\nFor more information, refer to the developer\u0027s website.\r\n\r\nMinehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
"@product": "Interstage Application Framework Suite",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_apworks",
"@product": "Interstage Apworks",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_business_application_server",
"@product": "Interstage Business Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_job_workload_server",
"@product": "Interstage Job Workload Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_studio",
"@product": "Interstage Studio",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_web_server",
"@product": "Interstage Web Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hp:tomcat-based_servlet_engine",
"@product": "HP-UX Tomcat-based Servlet Engine",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:infoframe_documentskipper",
"@product": "InfoFrame DocumentSkipper",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:mcone",
"@product": "MCOne",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:websam_securemaster",
"@product": "WebSAM SECUREMASTER",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:server",
"@product": "VMware Server",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:vcenter",
"@product": "VMware vCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:virtualcenter",
"@product": "VMware VirtualCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_eus",
"@product": "Red Hat Enterprise Linux EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:opensolaris",
"@product": "OpenSolaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000036",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN63832775/index.html",
"@id": "JVN#63832775",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515",
"@id": "CVE-2008-5515",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5515",
"@id": "CVE-2008-5515",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/35263",
"@id": "35263",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/1520",
"@id": "VUPEN/ADV-2009-1520",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Apache Tomcat information disclosure vulnerability"
}
jvndb-2013-000123
Vulnerability from jvndb
Published
2013-12-24 15:02
Modified
2013-12-25 14:01
Summary
VMware ESX and ESXi may allow access to arbitrary files
Details
VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | VMware ESX | |
| VMware | VMware ESXi |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html",
"dc:date": "2013-12-25T14:01+09:00",
"dcterms:issued": "2013-12-24T15:02+09:00",
"dcterms:modified": "2013-12-25T14:01+09:00",
"description": "VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files.\r\n\r\nShanon Olsson reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html",
"sec:cpe": [
{
"#text": "cpe:/o:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:vmware:esxi",
"@product": "VMware ESXi",
"@vendor": "VMware",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.1",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000123",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN13154935/index.html",
"@id": "JVN#13154935",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5973",
"@id": "CVE-2013-5973",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5973",
"@id": "CVE-2013-5973",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "VMware ESX and ESXi may allow access to arbitrary files"
}
jvndb-2008-000009
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2010-01-05 12:14
Summary
Apache Tomcat fails to properly handle cookie value
Details
Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser.
Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages.
The developer reports that this issue exists because of an incomplete fix for CVE-2007-3385.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000009.html",
"dc:date": "2010-01-05T12:14+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2010-01-05T12:14+09:00",
"description": "Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user\u0027s web browser.\r\n\r\nApache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages.\r\n\r\nThe developer reports that this issue exists because of an incomplete fix for CVE-2007-3385.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000009.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_messaging_security_appliance",
"@product": "TrendMicro InterScan Messaging Security Appliance",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_messaging_security_suite",
"@product": "InterScan Messaging Security Suite",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_web_security_appliance",
"@product": "TrendMicro InterScan Web Security Appliance",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_web_security_suite",
"@product": "TrendMicro InterScan Web Security Suite",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:server",
"@product": "VMware Server",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:vcenter",
"@product": "VMware vCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:virtualcenter",
"@product": "VMware VirtualCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_eus",
"@product": "Red Hat Enterprise Linux EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000009",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN09470767/index.html",
"@id": "JVN#09470767",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333",
"@id": "CVE-2007-5333",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5333",
"@id": "CVE-2007-5333",
"@source": "NVD"
},
{
"#text": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory/97.html",
"@id": "SNS Advisory No.97",
"@source": "SNSDB"
},
{
"#text": "http://secunia.com/advisories/28878",
"@id": "SA28878",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/27706",
"@id": "27706",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/0488",
"@id": "FrSIRT/ADV-2008-0488",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Apache Tomcat fails to properly handle cookie value"
}