Vulnerability-Lookup - Search a vulnerability

jvndb-2007-000295

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2009-08-06 11:39

Severity ?

() - -

Summary

APOP password recovery vulnerability

Details

POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. In its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.

References

▼	Type	URL
	JVN	http://jvn.jp/cert/JVNTA07-151A/index.html
	JVN	http://jvn.jp/en/jp/JVN19445002/index.html
	JVNTR	http://jvn.jp/tr/TRTA07-151A/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA07-151A.html
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA07-151A.html
	BID	http://www.securityfocus.com/bid/23257
	SECTRACK	http://www.securitytracker.com/id?1018008
	FRSIRT	http://www.frsirt.com/english/advisories/2007/1466
	FRSIRT	http://www.frsirt.com/english/advisories/2007/1480
	FRSIRT	http://www.frsirt.com/english/advisories/2007/1468
	FRSIRT	http://www.frsirt.com/english/advisories/2007/1467
	IETF	http://www.ietf.org/rfc/rfc1939.txt
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Claws Mail	Claws Mail
	Fetchmail Project	Fetchmail
	mozilla.org contributors	Mozilla SeaMonkey
	mozilla.org contributors	Mozilla Thunderbird
	Mutt	Mutt
	Red Hat, Inc.	RHEL Optional Productivity Applications
	Sylpheed	Sylpheed
	Hewlett-Packard Development Company,L.P	HP-UX
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop
	Red Hat, Inc.	Red Hat Enterprise Linux EUS
	Red Hat, Inc.	Red Hat Linux Advanced Workstation
	Red Hat, Inc.	RHEL Desktop Workstation
	Turbolinux, Inc.	Turbolinux
	Turbolinux, Inc.	Turbolinux Desktop
	Turbolinux, Inc.	Turbolinux FUJI
	Turbolinux, Inc.	Turbolinux Home
	Turbolinux, Inc.	Turbolinux Multimedia
	Turbolinux, Inc.	Turbolinux Personal
	Turbolinux, Inc.	Turbolinux Server
	Turbolinux, Inc.	wizpy

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
  "dc:date": "2009-08-06T11:39+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2009-08-06T11:39+09:00",
  "description": "POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.\r\n\r\nIt is reported that APOP passwords could be recovered by third parties.\r\n\r\nIn its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:claws_mail:claws_mail",
      "@product": "Claws Mail",
      "@vendor": "Claws Mail",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fetchmail:fetchmail",
      "@product": "Fetchmail",
      "@vendor": "Fetchmail Project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mozilla:seamonkey",
      "@product": "Mozilla SeaMonkey",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mozilla:thunderbird",
      "@product": "Mozilla Thunderbird",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mutt:mutt",
      "@product": "Mutt",
      "@vendor": "Mutt",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_optional_productivity_applications",
      "@product": "RHEL Optional Productivity Applications",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sylpheed:sylpheed",
      "@product": "Sylpheed",
      "@vendor": "Sylpheed",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_eus",
      "@product": "Red Hat Enterprise Linux EUS",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux",
      "@product": "Turbolinux",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_desktop",
      "@product": "Turbolinux Desktop",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_home",
      "@product": "Turbolinux Home",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
      "@product": "wizpy",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000295",
  "sec:references": [
    {
      "#text": "http://jvn.jp/cert/JVNTA07-151A/index.html",
      "@id": "JVNTA07-151A",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/en/jp/JVN19445002/index.html",
      "@id": "JVN#19445002",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/tr/TRTA07-151A/index.html",
      "@id": "TRTA07-151A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558",
      "@id": "CVE-2007-1558",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558",
      "@id": "CVE-2007-1558",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA07-151A.html",
      "@id": "SA07-151A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html",
      "@id": "TA07-151A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/23257",
      "@id": "23257",
      "@source": "BID"
    },
    {
      "#text": "http://www.securitytracker.com/id?1018008",
      "@id": "1018008",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/1466",
      "@id": "FrSIRT/ADV-2007-1466",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/1480",
      "@id": "FrSIRT/ADV-2007-1480",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/1468",
      "@id": "FrSIRT/ADV-2007-1468",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/1467",
      "@id": "FrSIRT/ADV-2007-1467",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.ietf.org/rfc/rfc1939.txt",
      "@id": "RFC1939:Post Office Protocol - Version 3",
      "@source": "IETF"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "APOP password recovery vulnerability"
}

jvndb-2005-000601

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2014-05-22 18:04

Severity ?

() - -

Summary

OpenSSL version rollback vulnerability

Details

OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on the communication path. RFC 2246, defining the TLS protocol, defines that when TLS 1.0 is available, SSL 2.0 should not be used in order to avoid version rollback attacks.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN23632449/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2969
	SECUNIA	http://secunia.com/advisories/17151/
	BID	http://www.securityfocus.com/bid/15071
	SECTEAM	http://www.securiteam.com/securitynews/6Y00D0AEBW.html
	FRSIRT	http://www.frsirt.com/english/advisories/2005/2036

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Enterprise Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Smart Edition
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform
	OpenSSL Project	OpenSSL
	Trend Micro, Inc.	InterScan Messaging Security Suite
	Trend Micro, Inc.	TrendMicro InterScan VirusWall
	Trend Micro, Inc.	TrendMicro InterScan Web Security Suite
	FUJITSU	FMSE-C301
	FUJITSU	IPCOM Series
	Hewlett-Packard Development Company,L.P	HP-UX
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Linux Advanced Workstation
	Sun Microsystems, Inc.	Sun Solaris
	Turbolinux, Inc.	Turbolinux Appliance Server
	Turbolinux, Inc.	Turbolinux FUJI
	Turbolinux, Inc.	Turbolinux Multimedia
	Turbolinux, Inc.	Turbolinux Personal
	Turbolinux, Inc.	Turbolinux Server
	Turbolinux, Inc.	wizpy

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html",
  "dc:date": "2014-05-22T18:04+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2014-05-22T18:04+09:00",
  "description": "OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on the communication path.\r\n\r\nRFC 2246, defining the TLS protocol, defines that when TLS 1.0 is available, SSL 2.0 should not be used in order to avoid version rollback attacks.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
      "@product": "uCosminexus Application Server Smart Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:openssl:openssl",
      "@product": "OpenSSL",
      "@vendor": "OpenSSL Project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_messaging_security_suite",
      "@product": "InterScan Messaging Security Suite",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_viruswall",
      "@product": "TrendMicro InterScan VirusWall",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_web_security_suite",
      "@product": "TrendMicro InterScan Web Security Suite",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:fujitsu:fmse-c301",
      "@product": "FMSE-C301",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:fujitsu:ipcom",
      "@product": "IPCOM Series",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
      "@product": "Turbolinux Appliance Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
      "@product": "wizpy",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000601",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN23632449/index.html",
      "@id": "JVN#23632449",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969",
      "@id": "CVE-2005-2969",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2969",
      "@id": "CVE-2005-2969",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/17151/",
      "@id": "SA17151",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/15071",
      "@id": "15071",
      "@source": "BID"
    },
    {
      "#text": "http://www.securiteam.com/securitynews/6Y00D0AEBW.html",
      "@id": "6Y00D0AEBW",
      "@source": "SECTEAM"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2005/2036",
      "@id": "FrSIRT/ADV-2005-2036",
      "@source": "FRSIRT"
    }
  ],
  "title": "OpenSSL version rollback vulnerability"
}

jvndb-2007-000817

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2009-02-10 11:32

Severity ?

() - -

Summary

Flash Player vulnerable in handling cross-domain policy files

Details

Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files. Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe's "About allowing cross-domain data loading", "When a Flash document attempts to access data from another domain, Flash Player automatically attempts to load a policy file from that domain. If the domain of the Flash document that is attempting to access the data is included in the policy file, the data is automatically accessible." Flash Player contains a vulnerability that may allow a specially crafted web page to be interpreted as a cross-domain policy file because the plugin fails to properly handle cross-domain policy files.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN45675516/index.html
	JVNTR	https://jvn.jp/en/tr/TRTA07-355A/index.html
	JVNTR	https://jvn.jp/en/tr/TRTA08-100A/
	JVNTR	https://jvn.jp/en/tr/TRTA08-150A/index.html
	CVE	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6243
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA08-150A.html
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA08-150A.html
	SECUNIA	http://secunia.com/advisories/28161
	XF	http://xforce.iss.net/xforce/xfdb/39129
	SECTRACK	http://securitytracker.com/id?1019116
	FRSIRT	http://www.frsirt.com/english/advisories/2007/4258
	FRSIRT	http://www.frsirt.com/english/advisories/2008/2838
	JVNDB_Ja	http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000817.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Adobe Inc.	Adobe Flash Player
	Red Hat, Inc.	Red Hat Enterprise Linux Extras
	Red Hat, Inc.	RHEL Desktop Supplementary
	Red Hat, Inc.	RHEL Supplementary
	Apple Inc.	Apple Mac OS X
	Apple Inc.	Apple Mac OS X Server
	Sun Microsystems, Inc.	OpenSolaris
	Sun Microsystems, Inc.	Sun Solaris
	Turbolinux, Inc.	Turbolinux FUJI
	Turbolinux, Inc.	wizpy

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000817.html",
  "dc:date": "2009-02-10T11:32+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2009-02-10T11:32+09:00",
  "description": "Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files.\r\n\r\nAdobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.\r\nAccording to Adobe\u0027s \"About allowing cross-domain data loading\", \"When a Flash document attempts to access data from another domain, Flash Player automatically attempts to load a policy file from that domain. If the domain of the Flash document that is attempting to access the data is included in the policy file, the data is automatically accessible.\"\r\nFlash Player contains a vulnerability that may allow a specially crafted web page to be interpreted as a cross-domain policy file because the plugin fails to properly handle cross-domain policy files.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000817.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:adobe:flash_player",
      "@product": "Adobe Flash Player",
      "@vendor": "Adobe Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux Extras",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_desktop_supplementary",
      "@product": "RHEL Desktop Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_supplementary",
      "@product": "RHEL Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:opensolaris",
      "@product": "OpenSolaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
      "@product": "wizpy",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000817",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN45675516/index.html",
      "@id": "JVN#45675516",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA07-355A/index.html",
      "@id": "TRTA07-355A",
      "@source": "JVNTR"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-100A/",
      "@id": "TRTA08-100A",
      "@source": "JVNTR"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
      "@id": "TRTA08-150A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243",
      "@id": "CVE-2007-6243",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6243",
      "@id": "CVE-2007-6243",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
      "@id": "SA08-150A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
      "@id": "TA08-150A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/28161",
      "@id": "SA28161",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/39129",
      "@id": "39129",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1019116",
      "@id": "1019116",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/4258",
      "@id": "FrSIRT/ADV-2007-4258",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2008/2838",
      "@id": "FrSIRT/ADV-2008-2838",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000817.html",
      "@id": "JVNDB-2007-000817",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Flash Player vulnerable in handling cross-domain policy files"
}

jvndb-2008-000021

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-07-29 14:54

Severity ?

() - -

Summary

Mozilla Firefox cross-site scripting vulnerability

Details

Mozilla Firefox web browser contains a cross-site scripting vulnerability. Mozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN21563357/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0416
	BID	http://www.securityfocus.com/bid/29303
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	mozilla.org contributors	Mozilla Firefox
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop
	Red Hat, Inc.	Red Hat Linux Advanced Workstation
	Red Hat, Inc.	RHEL Desktop Workstation
	Sun Microsystems, Inc.	OpenSolaris
	Sun Microsystems, Inc.	Sun Solaris
	Turbolinux, Inc.	Turbolinux FUJI
	Turbolinux, Inc.	Turbolinux Server
	Turbolinux, Inc.	wizpy

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000021.html",
  "dc:date": "2008-07-29T14:54+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-07-29T14:54+09:00",
  "description": "Mozilla Firefox web browser contains a cross-site scripting vulnerability.\r\n\r\nMozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000021.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:mozilla:firefox",
      "@product": "Mozilla Firefox",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:opensolaris",
      "@product": "OpenSolaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
      "@product": "wizpy",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-000021",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN21563357/index.html",
      "@id": "JVN#21563357",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416",
      "@id": "CVE-2008-0416",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0416",
      "@id": "CVE-2008-0416",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/29303",
      "@id": "29303",
      "@source": "BID"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Mozilla Firefox cross-site scripting vulnerability"
}

All the vulnerabilites related to Turbolinux, Inc. - wizpy

jvndb-2007-000295

Vulnerability from jvndb

jvndb-2005-000601

Vulnerability from jvndb

jvndb-2007-000817

Vulnerability from jvndb

jvndb-2008-000021

Vulnerability from jvndb