Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2011-AVI-564
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités présentes dans Mac OS X ont été corrigées.
Description
De multiples vulnérabilités découvertes dans Mac OS X permettent à une personne malveillante d'exécuter du code arbitraire à distance avec potentiellement des privilèges élevés, de provoquer un déni de service, de contourner la politique de sécurité du système, de porter atteinte à la confidentialité et à l'intégrité des données ou encore de réaliser une injection de code indirecte.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X v10.6.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Lion Server v10.7 et v10.7.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server v10.7 et v10.7.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server v10.6.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Mac OS X permettent \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance avec\npotentiellement des privil\u00e8ges \u00e9lev\u00e9s, de provoquer un d\u00e9ni de service,\nde contourner la politique de s\u00e9curit\u00e9 du syst\u00e8me, de porter atteinte \u00e0\nla confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es ou encore de r\u00e9aliser\nune injection de code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-3216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3216"
},
{
"name": "CVE-2011-3436",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3436"
},
{
"name": "CVE-2010-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1634"
},
{
"name": "CVE-2011-3214",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3214"
},
{
"name": "CVE-2011-0187",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
},
{
"name": "CVE-2011-3192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
},
{
"name": "CVE-2011-3228",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3228"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2011-0259",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0259"
},
{
"name": "CVE-2011-3221",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3221"
},
{
"name": "CVE-2010-4172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4172"
},
{
"name": "CVE-2011-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3217"
},
{
"name": "CVE-2011-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3219"
},
{
"name": "CVE-2011-0534",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0534"
},
{
"name": "CVE-2011-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0230"
},
{
"name": "CVE-2011-0229",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0229"
},
{
"name": "CVE-2011-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1471"
},
{
"name": "CVE-2011-3222",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3222"
},
{
"name": "CVE-2011-1466",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1466"
},
{
"name": "CVE-2011-0226",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0226"
},
{
"name": "CVE-2011-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0013"
},
{
"name": "CVE-2011-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0231"
},
{
"name": "CVE-2011-3213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3213"
},
{
"name": "CVE-2009-4022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
},
{
"name": "CVE-2011-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
},
{
"name": "CVE-2011-3218",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3218"
},
{
"name": "CVE-2011-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2692"
},
{
"name": "CVE-2010-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
},
{
"name": "CVE-2011-0249",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0249"
},
{
"name": "CVE-2011-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3212"
},
{
"name": "CVE-2011-0250",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0250"
},
{
"name": "CVE-2011-1092",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1092"
},
{
"name": "CVE-2011-3227",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3227"
},
{
"name": "CVE-2011-1469",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1469"
},
{
"name": "CVE-2010-2227",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2227"
},
{
"name": "CVE-2011-1910",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1910"
},
{
"name": "CVE-2011-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3220"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2010-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3614"
},
{
"name": "CVE-2011-3224",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3224"
},
{
"name": "CVE-2011-3226",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3226"
},
{
"name": "CVE-2011-0260",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0260"
},
{
"name": "CVE-2011-2690",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2690"
},
{
"name": "CVE-2011-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3215"
},
{
"name": "CVE-2010-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3613"
},
{
"name": "CVE-2011-1521",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1521"
},
{
"name": "CVE-2011-1467",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1467"
},
{
"name": "CVE-2011-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1755"
},
{
"name": "CVE-2011-3246",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3246"
},
{
"name": "CVE-2011-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3435"
},
{
"name": "CVE-2011-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2691"
},
{
"name": "CVE-2011-3437",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3437"
},
{
"name": "CVE-2011-0251",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0251"
},
{
"name": "CVE-2011-1470",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1470"
},
{
"name": "CVE-2011-3225",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3225"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2010-3718",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3718"
},
{
"name": "CVE-2011-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2464"
},
{
"name": "CVE-2010-3436",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
},
{
"name": "CVE-2010-0097",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0097"
},
{
"name": "CVE-2011-0707",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0707"
},
{
"name": "CVE-2011-0252",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0252"
},
{
"name": "CVE-2011-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0224"
},
{
"name": "CVE-2010-2089",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2089"
},
{
"name": "CVE-2011-0420",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0420"
},
{
"name": "CVE-2010-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
},
{
"name": "CVE-2011-0419",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
},
{
"name": "CVE-2011-1468",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1468"
},
{
"name": "CVE-2011-3223",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3223"
},
{
"name": "CVE-2011-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0185"
}
],
"links": [
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3436 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3436"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0708 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0708"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1467 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1467"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1910 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1910"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3217 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3217"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1153 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1153"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3220 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3220"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3614 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3614"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0420 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0420"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0411 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0411"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0224 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0224"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3613 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3613"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3225 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3225"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0249 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0249"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3227 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3227"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1521 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1521"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0185 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0185"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0252 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0252"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0226 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0226"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-4645 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-4645"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3213 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3213"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3221 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3221"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1471 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1471"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3435 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3435"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3218 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3218"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0013 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0013"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-1634 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-1634"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0250 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0250"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3224 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3224"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0259 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0259"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2690 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2690"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3226 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3226"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3216 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3216"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3212 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3212"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-2089 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-2089"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3718 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3718"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0260 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0260"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3214 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3214"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-1157 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-1157"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0707 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0707"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3223 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3223"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3246 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3246"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-2227 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-2227"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-4172 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-4172"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3436 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3436"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2691 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2691"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3437 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3437"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2009-4022 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2009-4022"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0187 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0187"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3192 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3192"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1755 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1755"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-0097 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-0097"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0419 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0419"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1466 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1466"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0421 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0421"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0251 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0251"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3219 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3219"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0229 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0229"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3222 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3222"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0534 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0534"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3228 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3228"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3215 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3215"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1092 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1092"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0230 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0230"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1470 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1470"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0231 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0231"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2692 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2692"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1468 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1468"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2464 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2464"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1469 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1469"
}
],
"reference": "CERTA-2011-AVI-564",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Mac OS X ont \u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT5002 du 12 octobre 2011",
"url": "http://docs.info.apple.com/article.html?artnum=HT5002"
}
]
}
CVE-2009-4022 (GCVE-0-2009-4022)
Vulnerability from cvelistv5 – Published: 2009-11-25 16:00 – Updated: 2024-08-07 06:45
VLAI?
EPSS
Summary
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
44 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://secunia.com/advisories/40730 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/37426 | third-party-advisoryx_refsource_SECUNIA |
| http://aix.software.ibm.com/aix/efixes/security/b… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2010/0176 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://bugzilla.redhat.com/show_bug.cgi?id=538744 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37118 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/38794 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.vmware.com/pipermail/security-announ… | mailing-listx_refsource_MLIST |
| http://osvdb.org/60493 | vdb-entryx_refsource_OSVDB |
| https://www.isc.org/advisories/CVE-2009-4022v6 | x_refsource_CONFIRM |
| http://secunia.com/advisories/38240 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/37491 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-888-1 | vendor-advisoryx_refsource_UBUNTU |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.openwall.com/lists/oss-security/2009/11/24/8 | mailing-listx_refsource_MLIST |
| http://www.kb.cert.org/vuls/id/418861 | third-party-advisoryx_refsource_CERT-VN |
| https://www.isc.org/advisories/CVE2009-4022 | x_refsource_CONFIRM |
| http://www.ibm.com/support/docview.wss?uid=isg1IZ71667 | vendor-advisoryx_refsource_AIXAPAR |
| http://sunsolve.sun.com/search/document.do?assetk… | vendor-advisoryx_refsource_SUNALERT |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://secunia.com/advisories/39334 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2009/11/24/2 | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.vupen.com/english/advisories/2009/3335 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2010/0622 | vdb-entryx_refsource_VUPEN |
| https://issues.rpath.com/browse/RPL-3152 | x_refsource_CONFIRM |
| http://www.ibm.com/support/docview.wss?uid=isg1IZ68597 | vendor-advisoryx_refsource_AIXAPAR |
| http://secunia.com/advisories/38834 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/38219 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.ibm.com/support/docview.wss?uid=isg1IZ71774 | vendor-advisoryx_refsource_AIXAPAR |
| https://h20564.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 | x_refsource_CONFIRM |
| http://support.apple.com/kb/HT5002 | x_refsource_CONFIRM |
| ftp://ftp.sco.com/pub/unixware7/714/security/p535… | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2009-16… | vendor-advisoryx_refsource_REDHAT |
| http://www.openwall.com/lists/oss-security/2009/11/24/1 | mailing-listx_refsource_MLIST |
| http://sunsolve.sun.com/search/document.do?assetk… | vendor-advisoryx_refsource_SUNALERT |
| http://www.vupen.com/english/advisories/2010/0528 | vdb-entryx_refsource_VUPEN |
Date Public ?
2009-11-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7261",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261"
},
{
"name": "40730",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40730"
},
{
"name": "37426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc"
},
{
"name": "oval:org.mitre.oval:def:10821",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821"
},
{
"name": "ADV-2010-0176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0176"
},
{
"name": "bind-dnssec-cache-poisoning(54416)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=538744"
},
{
"name": "37118",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37118"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "60493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.isc.org/advisories/CVE-2009-4022v6"
},
{
"name": "38240",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38240"
},
{
"name": "FEDORA-2009-12218",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html"
},
{
"name": "37491",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37491"
},
{
"name": "USN-888-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-888-1"
},
{
"name": "oval:org.mitre.oval:def:7459",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459"
},
{
"name": "[oss-security] 20091124 Re: a new bind issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/24/8"
},
{
"name": "VU#418861",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/418861"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.isc.org/advisories/CVE2009-4022"
},
{
"name": "IZ71667",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71667"
},
{
"name": "1021798",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "39334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39334"
},
{
"name": "[oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/24/2"
},
{
"name": "MDVSA-2009:304",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:304"
},
{
"name": "ADV-2009-3335",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3335"
},
{
"name": "ADV-2010-0622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-3152"
},
{
"name": "IZ68597",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68597"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "38219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38219"
},
{
"name": "oval:org.mitre.oval:def:11745",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745"
},
{
"name": "IZ71774",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"name": "FEDORA-2009-12233",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"
},
{
"name": "RHSA-2009:1620",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1620.html"
},
{
"name": "[oss-security] 20091124 a new bind issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/24/1"
},
{
"name": "1021660",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed \"at the same time as requesting DNSSEC records (DO),\" aka Bug 20438."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7261",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261"
},
{
"name": "40730",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40730"
},
{
"name": "37426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc"
},
{
"name": "oval:org.mitre.oval:def:10821",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821"
},
{
"name": "ADV-2010-0176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0176"
},
{
"name": "bind-dnssec-cache-poisoning(54416)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=538744"
},
{
"name": "37118",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37118"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "60493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.isc.org/advisories/CVE-2009-4022v6"
},
{
"name": "38240",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38240"
},
{
"name": "FEDORA-2009-12218",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html"
},
{
"name": "37491",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37491"
},
{
"name": "USN-888-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-888-1"
},
{
"name": "oval:org.mitre.oval:def:7459",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459"
},
{
"name": "[oss-security] 20091124 Re: a new bind issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/24/8"
},
{
"name": "VU#418861",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/418861"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.isc.org/advisories/CVE2009-4022"
},
{
"name": "IZ71667",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71667"
},
{
"name": "1021798",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "39334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39334"
},
{
"name": "[oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/24/2"
},
{
"name": "MDVSA-2009:304",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:304"
},
{
"name": "ADV-2009-3335",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3335"
},
{
"name": "ADV-2010-0622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-3152"
},
{
"name": "IZ68597",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68597"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "38219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38219"
},
{
"name": "oval:org.mitre.oval:def:11745",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745"
},
{
"name": "IZ71774",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"name": "FEDORA-2009-12233",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"
},
{
"name": "RHSA-2009:1620",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1620.html"
},
{
"name": "[oss-security] 20091124 a new bind issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/24/1"
},
{
"name": "1021660",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4022",
"datePublished": "2009-11-25T16:00:00.000Z",
"dateReserved": "2009-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:45:50.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0097 (GCVE-0-2010-0097)
Vulnerability from cvelistv5 – Published: 2010-01-22 21:20 – Updated: 2024-08-07 00:37
VLAI?
EPSS
Summary
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
37 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2010/0176 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/61853 | vdb-entryx_refsource_OSVDB |
| https://rhn.redhat.com/errata/RHSA-2010-0062.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/37865 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://secunia.com/advisories/38240 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/1352 | vdb-entryx_refsource_VUPEN |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.ubuntu.com/usn/USN-888-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.vupen.com/english/advisories/2010/0981 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://sunsolve.sun.com/search/document.do?assetk… | vendor-advisoryx_refsource_SUNALERT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://marc.info/?l=bugtraq&m=127195582210247&w=2 | vendor-advisoryx_refsource_HP |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://secunia.com/advisories/39334 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/40086 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/0622 | vdb-entryx_refsource_VUPEN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/39582 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1023474 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/38219 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| https://bugzilla.redhat.com/show_bug.cgi?id=554851 | x_refsource_CONFIRM |
| https://h20564.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| https://rhn.redhat.com/errata/RHSA-2010-0095.html | vendor-advisoryx_refsource_REDHAT |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 | x_refsource_CONFIRM |
| http://support.apple.com/kb/HT5002 | x_refsource_CONFIRM |
| http://www.debian.org/security/2010/dsa-2054 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| ftp://ftp.sco.com/pub/unixware7/714/security/p535… | x_refsource_CONFIRM |
| http://secunia.com/advisories/38169 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=127195582210247&w=2 | vendor-advisoryx_refsource_HP |
| http://www.kb.cert.org/vuls/id/360341 | third-party-advisoryx_refsource_CERT-VN |
| https://www.isc.org/advisories/CVE-2010-0097 | x_refsource_CONFIRM |
Date Public ?
2010-01-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-0176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0176"
},
{
"name": "61853",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/61853"
},
{
"name": "RHSA-2010:0062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0062.html"
},
{
"name": "37865",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37865"
},
{
"name": "oval:org.mitre.oval:def:7212",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212"
},
{
"name": "38240",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38240"
},
{
"name": "ADV-2010-1352",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1352"
},
{
"name": "oval:org.mitre.oval:def:7430",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430"
},
{
"name": "FEDORA-2010-0868",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html"
},
{
"name": "USN-888-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-888-1"
},
{
"name": "ADV-2010-0981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0981"
},
{
"name": "bind-dnssecnsec-cache-poisoning(55753)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55753"
},
{
"name": "1021798",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"
},
{
"name": "oval:org.mitre.oval:def:9357",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357"
},
{
"name": "oval:org.mitre.oval:def:12205",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205"
},
{
"name": "SSRT100004",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127195582210247\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "39334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39334"
},
{
"name": "40086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40086"
},
{
"name": "ADV-2010-0622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0622"
},
{
"name": "FEDORA-2010-0861",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html"
},
{
"name": "39582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39582"
},
{
"name": "1023474",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023474"
},
{
"name": "38219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38219"
},
{
"name": "MDVSA-2010:021",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:021"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "DSA-2054",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2054"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"
},
{
"name": "38169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38169"
},
{
"name": "HPSBUX02519",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127195582210247\u0026w=2"
},
{
"name": "VU#360341",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/360341"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.isc.org/advisories/CVE-2010-0097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "ADV-2010-0176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0176"
},
{
"name": "61853",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/61853"
},
{
"name": "RHSA-2010:0062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0062.html"
},
{
"name": "37865",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37865"
},
{
"name": "oval:org.mitre.oval:def:7212",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212"
},
{
"name": "38240",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38240"
},
{
"name": "ADV-2010-1352",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1352"
},
{
"name": "oval:org.mitre.oval:def:7430",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430"
},
{
"name": "FEDORA-2010-0868",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html"
},
{
"name": "USN-888-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-888-1"
},
{
"name": "ADV-2010-0981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0981"
},
{
"name": "bind-dnssecnsec-cache-poisoning(55753)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55753"
},
{
"name": "1021798",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"
},
{
"name": "oval:org.mitre.oval:def:9357",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357"
},
{
"name": "oval:org.mitre.oval:def:12205",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205"
},
{
"name": "SSRT100004",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127195582210247\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "39334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39334"
},
{
"name": "40086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40086"
},
{
"name": "ADV-2010-0622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0622"
},
{
"name": "FEDORA-2010-0861",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html"
},
{
"name": "39582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39582"
},
{
"name": "1023474",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023474"
},
{
"name": "38219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38219"
},
{
"name": "MDVSA-2010:021",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:021"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "DSA-2054",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2054"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"
},
{
"name": "38169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38169"
},
{
"name": "HPSBUX02519",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127195582210247\u0026w=2"
},
{
"name": "VU#360341",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/360341"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.isc.org/advisories/CVE-2010-0097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-0097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0176"
},
{
"name": "61853",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61853"
},
{
"name": "RHSA-2010:0062",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0062.html"
},
{
"name": "37865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37865"
},
{
"name": "oval:org.mitre.oval:def:7212",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212"
},
{
"name": "38240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38240"
},
{
"name": "ADV-2010-1352",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1352"
},
{
"name": "oval:org.mitre.oval:def:7430",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430"
},
{
"name": "FEDORA-2010-0868",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html"
},
{
"name": "USN-888-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-888-1"
},
{
"name": "ADV-2010-0981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0981"
},
{
"name": "bind-dnssecnsec-cache-poisoning(55753)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55753"
},
{
"name": "1021798",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"
},
{
"name": "oval:org.mitre.oval:def:9357",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357"
},
{
"name": "oval:org.mitre.oval:def:12205",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205"
},
{
"name": "SSRT100004",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=127195582210247\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "39334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39334"
},
{
"name": "40086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40086"
},
{
"name": "ADV-2010-0622",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0622"
},
{
"name": "FEDORA-2010-0861",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html"
},
{
"name": "39582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39582"
},
{
"name": "1023474",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023474"
},
{
"name": "38219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38219"
},
{
"name": "MDVSA-2010:021",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:021"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554851",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554851"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"name": "RHSA-2010:0095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "DSA-2054",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2054"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"
},
{
"name": "38169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38169"
},
{
"name": "HPSBUX02519",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=127195582210247\u0026w=2"
},
{
"name": "VU#360341",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/360341"
},
{
"name": "https://www.isc.org/advisories/CVE-2010-0097",
"refsource": "CONFIRM",
"url": "https://www.isc.org/advisories/CVE-2010-0097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-0097",
"datePublished": "2010-01-22T21:20:00.000Z",
"dateReserved": "2009-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:37:53.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1157 (GCVE-0-2010-1157)
Vulnerability from cvelistv5 – Published: 2010-04-23 14:00 – Updated: 2024-08-07 01:14
VLAI?
EPSS
Summary
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
35 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/510879/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.debian.org/security/2011/dsa-2207 | vendor-advisoryx_refsource_DEBIAN |
| http://svn.apache.org/viewvc?view=revision&revisi… | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=136485229118404&w=2 | vendor-advisoryx_refsource_HP |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.vupen.com/english/advisories/2010/3056 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/43310 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/39574 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=133469267822771&w=2 | vendor-advisoryx_refsource_HP |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/42368 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2011-08… | vendor-advisoryx_refsource_REDHAT |
| http://www.vupen.com/english/advisories/2010/0980 | vdb-entryx_refsource_VUPEN |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://tomcat.apache.org/security-6.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/57126 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vmware.com/support/vsphere4/doc/vsp_vc… | x_refsource_CONFIRM |
| http://svn.apache.org/viewvc?view=revision&revisi… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://marc.info/?l=bugtraq&m=133469267822771&w=2 | vendor-advisoryx_refsource_HP |
| http://www.securityfocus.com/bid/39635 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2011-08… | vendor-advisoryx_refsource_REDHAT |
| http://tomcat.apache.org/security-5.html | x_refsource_CONFIRM |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=129070310906557&w=2 | vendor-advisoryx_refsource_HP |
| http://support.apple.com/kb/HT5002 | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=136485229118404&w=2 | vendor-advisoryx_refsource_HP |
| http://www.securityfocus.com/archive/1/516397/100… | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=129070310906557&w=2 | vendor-advisoryx_refsource_HP |
| http://marc.info/?l=bugtraq&m=139344343412337&w=2 | vendor-advisoryx_refsource_HP |
| https://lists.apache.org/thread.html/06cfb634bc7b… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/8dcaf7c3894d… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r584a714f141… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r3aacc40356d… | mailing-listx_refsource_MLIST |
Date Public ?
2010-04-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100421 [SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510879/100/0/threaded"
},
{
"name": "DSA-2207",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=936540"
},
{
"name": "HPSBUX02860",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"name": "MDVSA-2010:177",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
},
{
"name": "ADV-2010-3056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3056"
},
{
"name": "43310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43310"
},
{
"name": "39574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39574"
},
{
"name": "HPSBOV02762",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "MDVSA-2010:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name": "42368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42368"
},
{
"name": "RHSA-2011:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
},
{
"name": "ADV-2010-0980",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0980"
},
{
"name": "oval:org.mitre.oval:def:19492",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57126"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=936541"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "SSRT100825",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"name": "39635",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39635"
},
{
"name": "RHSA-2011:0896",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-5.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "HPSBUX02579",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "SSRT101146",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "SSRT100203",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server\u0027s hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T16:08:57.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20100421 [SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510879/100/0/threaded"
},
{
"name": "DSA-2207",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=936540"
},
{
"name": "HPSBUX02860",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"name": "MDVSA-2010:177",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
},
{
"name": "ADV-2010-3056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3056"
},
{
"name": "43310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43310"
},
{
"name": "39574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39574"
},
{
"name": "HPSBOV02762",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "MDVSA-2010:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name": "42368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42368"
},
{
"name": "RHSA-2011:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
},
{
"name": "ADV-2010-0980",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0980"
},
{
"name": "oval:org.mitre.oval:def:19492",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57126"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=936541"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "SSRT100825",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"name": "39635",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39635"
},
{
"name": "RHSA-2011:0896",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-5.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "HPSBUX02579",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "SSRT101146",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "SSRT100203",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1157",
"datePublished": "2010-04-23T14:00:00.000Z",
"dateReserved": "2010-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:14:06.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1634 (GCVE-0-2010-1634)
Vulnerability from cvelistv5 – Published: 2010-05-27 19:00 – Updated: 2024-08-07 01:28
VLAI?
EPSS
Summary
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
| URL | Tags |
|---|---|
| http://bugs.python.org/issue8674 | x_refsource_CONFIRM |
| http://secunia.com/advisories/43068 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/51087 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2011/0212 | vdb-entryx_refsource_VUPEN |
| http://www.ubuntu.com/usn/USN-1616-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/51040 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/1448 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/50858 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.vupen.com/english/advisories/2011/0122 | vdb-entryx_refsource_VUPEN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://bugzilla.redhat.com/show_bug.cgi?id=590690 | x_refsource_CONFIRM |
| http://secunia.com/advisories/42888 | third-party-advisoryx_refsource_SECUNIA |
| http://svn.python.org/view?rev=81045&view=rev | x_refsource_CONFIRM |
| http://secunia.com/advisories/39937 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1596-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/40194 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2011-00… | vendor-advisoryx_refsource_REDHAT |
| http://www.ubuntu.com/usn/USN-1613-2 | vendor-advisoryx_refsource_UBUNTU |
| http://support.apple.com/kb/HT5002 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/40370 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/51024 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1613-1 | vendor-advisoryx_refsource_UBUNTU |
| http://svn.python.org/view?rev=81079&view=rev | x_refsource_CONFIRM |
Date Public ?
2010-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.python.org/issue8674"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2010-9652",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html"
},
{
"name": "51087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51087"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "USN-1616-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1616-1"
},
{
"name": "51040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51040"
},
{
"name": "ADV-2010-1448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1448"
},
{
"name": "50858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50858"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0122",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0122"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=590690"
},
{
"name": "42888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42888"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.python.org/view?rev=81045\u0026view=rev"
},
{
"name": "39937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39937"
},
{
"name": "USN-1596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name": "40194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40194"
},
{
"name": "RHSA-2011:0027",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"
},
{
"name": "USN-1613-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "40370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40370"
},
{
"name": "51024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.python.org/view?rev=81079\u0026view=rev"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.python.org/issue8674"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2010-9652",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html"
},
{
"name": "51087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51087"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "USN-1616-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1616-1"
},
{
"name": "51040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51040"
},
{
"name": "ADV-2010-1448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1448"
},
{
"name": "50858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50858"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0122",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0122"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=590690"
},
{
"name": "42888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42888"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.python.org/view?rev=81045\u0026view=rev"
},
{
"name": "39937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39937"
},
{
"name": "USN-1596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name": "40194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40194"
},
{
"name": "RHSA-2011:0027",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"
},
{
"name": "USN-1613-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "40370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40370"
},
{
"name": "51024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.python.org/view?rev=81079\u0026view=rev"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1634",
"datePublished": "2010-05-27T19:00:00.000Z",
"dateReserved": "2010-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:41.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2089 (GCVE-0-2010-2089)
Vulnerability from cvelistv5 – Published: 2010-05-27 19:00 – Updated: 2024-08-07 02:17
VLAI?
EPSS
Summary
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
23 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=598197 | x_refsource_CONFIRM |
| http://secunia.com/advisories/43068 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/51087 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2011/0212 | vdb-entryx_refsource_VUPEN |
| http://www.ubuntu.com/usn/USN-1616-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/51040 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/1448 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/50858 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/40863 | vdb-entryx_refsource_BID |
| http://bugs.python.org/issue7673 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.vupen.com/english/advisories/2011/0122 | vdb-entryx_refsource_VUPEN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/advisories/42888 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1596-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/40194 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2011-00… | vendor-advisoryx_refsource_REDHAT |
| http://www.ubuntu.com/usn/USN-1613-2 | vendor-advisoryx_refsource_UBUNTU |
| http://support.apple.com/kb/HT5002 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/advisories/51024 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1613-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public ?
2010-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598197"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2010-9652",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html"
},
{
"name": "51087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51087"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "USN-1616-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1616-1"
},
{
"name": "51040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51040"
},
{
"name": "ADV-2010-1448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1448"
},
{
"name": "50858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50858"
},
{
"name": "40863",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.python.org/issue7673"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0122",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0122"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42888"
},
{
"name": "USN-1596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name": "40194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40194"
},
{
"name": "RHSA-2011:0027",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"
},
{
"name": "USN-1613-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "51024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1613-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598197"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2010-9652",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html"
},
{
"name": "51087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51087"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "USN-1616-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1616-1"
},
{
"name": "51040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51040"
},
{
"name": "ADV-2010-1448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1448"
},
{
"name": "50858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50858"
},
{
"name": "40863",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.python.org/issue7673"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0122",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0122"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42888"
},
{
"name": "USN-1596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name": "40194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40194"
},
{
"name": "RHSA-2011:0027",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"
},
{
"name": "USN-1613-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "51024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1613-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=598197",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598197"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2010-9652",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html"
},
{
"name": "51087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51087"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "USN-1616-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1616-1"
},
{
"name": "51040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51040"
},
{
"name": "ADV-2010-1448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1448"
},
{
"name": "50858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50858"
},
{
"name": "40863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40863"
},
{
"name": "http://bugs.python.org/issue7673",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue7673"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0122",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0122"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42888"
},
{
"name": "USN-1596-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name": "40194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40194"
},
{
"name": "RHSA-2011:0027",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"
},
{
"name": "USN-1613-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "51024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2089",
"datePublished": "2010-05-27T19:00:00.000Z",
"dateReserved": "2010-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:14.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2227 (GCVE-0-2010-2227)
Vulnerability from cvelistv5 – Published: 2010-07-13 17:00 – Updated: 2024-08-07 02:25
VLAI?
EPSS
Summary
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
50 references
| URL | Tags |
|---|---|
| http://www.novell.com/support/viewContent.do?exte… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/512272/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/42079 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2011/dsa-2207 | vendor-advisoryx_refsource_DEBIAN |
| http://marc.info/?l=bugtraq&m=136485229118404&w=2 | vendor-advisoryx_refsource_HP |
| http://www.novell.com/support/viewContent.do?exte… | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.vupen.com/english/advisories/2010/3056 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/43310 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2010-05… | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/41544 | vdb-entryx_refsource_BID |
| http://tomcat.apache.org/security-7.html | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2010/1986 | vdb-entryx_refsource_VUPEN |
| http://svn.apache.org/viewvc?view=revision&revisi… | x_refsource_CONFIRM |
| http://secunia.com/advisories/44183 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2010-05… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/41025 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://geronimo.apache.org/22x-security-report.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/40813 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/42368 | third-party-advisoryx_refsource_SECUNIA |
| http://tomcat.apache.org/security-6.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/57126 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vmware.com/support/vsphere4/doc/vsp_vc… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://securitytracker.com/id?1024180 | vdb-entryx_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://svn.apache.org/viewvc?view=revision&revisi… | x_refsource_CONFIRM |
| http://tomcat.apache.org/security-5.html | x_refsource_CONFIRM |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=129070310906557&w=2 | vendor-advisoryx_refsource_HP |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://support.apple.com/kb/HT5002 | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2010-05… | vendor-advisoryx_refsource_REDHAT |
| http://www.vupen.com/english/advisories/2010/2868 | vdb-entryx_refsource_VUPEN |
| http://marc.info/?l=bugtraq&m=136485229118404&w=2 | vendor-advisoryx_refsource_HP |
| http://geronimo.apache.org/21x-security-report.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/42454 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/516397/100… | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=129070310906557&w=2 | vendor-advisoryx_refsource_HP |
| http://marc.info/?l=bugtraq&m=139344343412337&w=2 | vendor-advisoryx_refsource_HP |
| http://svn.apache.org/viewvc?view=revision&revisi… | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2010-05… | vendor-advisoryx_refsource_REDHAT |
| https://lists.apache.org/thread.html/06cfb634bc7b… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/8dcaf7c3894d… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r584a714f141… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r3aacc40356d… | mailing-listx_refsource_MLIST |
Date Public ?
2010-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007274"
},
{
"name": "20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512272/100/0/threaded"
},
{
"name": "42079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42079"
},
{
"name": "DSA-2207",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2207"
},
{
"name": "HPSBUX02860",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007275"
},
{
"name": "MDVSA-2010:177",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
},
{
"name": "ADV-2010-3056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3056"
},
{
"name": "43310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43310"
},
{
"name": "RHSA-2010:0581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0581.html"
},
{
"name": "41544",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41544"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "FEDORA-2010-16270",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html"
},
{
"name": "ADV-2010-1986",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1986"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=959428"
},
{
"name": "44183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44183"
},
{
"name": "RHSA-2010:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html"
},
{
"name": "41025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41025"
},
{
"name": "FEDORA-2010-16248",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"name": "40813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40813"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "MDVSA-2010:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name": "42368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57126"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "oval:org.mitre.oval:def:18532",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532"
},
{
"name": "1024180",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024180"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=958911"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-5.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "HPSBUX02579",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"name": "tomcat-transferencoding-dos(60264)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "RHSA-2010:0582",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html"
},
{
"name": "ADV-2010-2868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2868"
},
{
"name": "SSRT101146",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://geronimo.apache.org/21x-security-report.html"
},
{
"name": "42454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42454"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "SSRT100203",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=958977"
},
{
"name": "RHSA-2010:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0583.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T16:08:41.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007274"
},
{
"name": "20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512272/100/0/threaded"
},
{
"name": "42079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42079"
},
{
"name": "DSA-2207",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2207"
},
{
"name": "HPSBUX02860",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/viewContent.do?externalId=7007275"
},
{
"name": "MDVSA-2010:177",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
},
{
"name": "ADV-2010-3056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3056"
},
{
"name": "43310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43310"
},
{
"name": "RHSA-2010:0581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0581.html"
},
{
"name": "41544",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41544"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "FEDORA-2010-16270",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html"
},
{
"name": "ADV-2010-1986",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1986"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=959428"
},
{
"name": "44183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44183"
},
{
"name": "RHSA-2010:0580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html"
},
{
"name": "41025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41025"
},
{
"name": "FEDORA-2010-16248",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"name": "40813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40813"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "MDVSA-2010:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name": "42368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57126"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "oval:org.mitre.oval:def:18532",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532"
},
{
"name": "1024180",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024180"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=958911"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-5.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "HPSBUX02579",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"name": "tomcat-transferencoding-dos(60264)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "RHSA-2010:0582",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html"
},
{
"name": "ADV-2010-2868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2868"
},
{
"name": "SSRT101146",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://geronimo.apache.org/21x-security-report.html"
},
{
"name": "42454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42454"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "SSRT100203",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=958977"
},
{
"name": "RHSA-2010:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0583.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007274",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007274"
},
{
"name": "20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512272/100/0/threaded"
},
{
"name": "42079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42079"
},
{
"name": "DSA-2207",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2207"
},
{
"name": "HPSBUX02860",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007275",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007275"
},
{
"name": "MDVSA-2010:177",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
},
{
"name": "ADV-2010-3056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3056"
},
{
"name": "43310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43310"
},
{
"name": "RHSA-2010:0581",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0581.html"
},
{
"name": "41544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41544"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "FEDORA-2010-16270",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html"
},
{
"name": "ADV-2010-1986",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1986"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=959428",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=959428"
},
{
"name": "44183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44183"
},
{
"name": "RHSA-2010:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html"
},
{
"name": "41025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41025"
},
{
"name": "FEDORA-2010-16248",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html"
},
{
"name": "http://geronimo.apache.org/22x-security-report.html",
"refsource": "CONFIRM",
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"name": "40813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40813"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "MDVSA-2010:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name": "42368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42368"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "57126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57126"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "oval:org.mitre.oval:def:18532",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532"
},
{
"name": "1024180",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024180"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=958911",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=958911"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "HPSBUX02579",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"name": "tomcat-transferencoding-dos(60264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60264"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "RHSA-2010:0582",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html"
},
{
"name": "ADV-2010-2868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2868"
},
{
"name": "SSRT101146",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"name": "http://geronimo.apache.org/21x-security-report.html",
"refsource": "CONFIRM",
"url": "http://geronimo.apache.org/21x-security-report.html"
},
{
"name": "42454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42454"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "SSRT100203",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"name": "HPSBST02955",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=958977",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=958977"
},
{
"name": "RHSA-2010:0583",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0583.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2227",
"datePublished": "2010-07-13T17:00:00.000Z",
"dateReserved": "2010-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:25:07.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3436 (GCVE-0-2010-3436)
Vulnerability from cvelistv5 – Published: 2010-11-08 23:00 – Updated: 2024-08-07 03:11
VLAI?
EPSS
Summary
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
| URL | Tags |
|---|---|
| http://svn.php.net/viewvc?view=revision&revision=303824 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2011/0077 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/42812 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.php.net/releases/5_3_4.php | x_refsource_CONFIRM |
| http://svn.php.net/viewvc/php/php-src/trunk/main/… | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.ubuntu.com/usn/USN-1042-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/44723 | vdb-entryx_refsource_BID |
| http://www.php.net/ChangeLog-5.php | x_refsource_CONFIRM |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://slackware.com/security/viewer.php?l=slackw… | vendor-advisoryx_refsource_SLACKWARE |
| http://www.vupen.com/english/advisories/2010/3313 | vdb-entryx_refsource_VUPEN |
| http://www.php.net/archive/2010.php#id2010-12-10-1 | x_refsource_CONFIRM |
| http://www.php.net/releases/5_2_15.php | x_refsource_CONFIRM |
| http://support.apple.com/kb/HT5002 | x_refsource_CONFIRM |
| http://secunia.com/advisories/42729 | third-party-advisoryx_refsource_SECUNIA |
| http://security-tracker.debian.org/tracker/CVE-20… | x_refsource_CONFIRM |
| http://support.apple.com/kb/HT4581 | x_refsource_CONFIRM |
Date Public ?
2010-09-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:11:44.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=303824"
},
{
"name": "ADV-2011-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0077"
},
{
"name": "42812",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42812"
},
{
"name": "MDVSA-2010:218",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_3_4.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824\u0026r2=303823\u0026pathrev=303824"
},
{
"name": "APPLE-SA-2011-03-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "USN-1042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1042-1"
},
{
"name": "44723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44723"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "SSA:2010-357-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.490619"
},
{
"name": "ADV-2010-3313",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3313"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/archive/2010.php#id2010-12-10-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_2_15.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "42729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42729"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security-tracker.debian.org/tracker/CVE-2010-3436"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-18T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=303824"
},
{
"name": "ADV-2011-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0077"
},
{
"name": "42812",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42812"
},
{
"name": "MDVSA-2010:218",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_3_4.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824\u0026r2=303823\u0026pathrev=303824"
},
{
"name": "APPLE-SA-2011-03-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "USN-1042-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1042-1"
},
{
"name": "44723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44723"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "SSA:2010-357-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.490619"
},
{
"name": "ADV-2010-3313",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3313"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/archive/2010.php#id2010-12-10-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_2_15.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "42729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42729"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security-tracker.debian.org/tracker/CVE-2010-3436"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4581"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3436",
"datePublished": "2010-11-08T23:00:00.000Z",
"dateReserved": "2010-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:11:44.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3613 (GCVE-0-2010-3613)
Vulnerability from cvelistv5 – Published: 2010-12-03 20:00 – Updated: 2024-08-07 03:18
VLAI?
EPSS
Summary
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
38 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2010/3139 | vdb-entryx_refsource_VUPEN |
| http://www.isc.org/announcement/guidance-regardin… | x_refsource_CONFIRM |
| http://www.osvdb.org/69558 | vdb-entryx_refsource_OSVDB |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://securitytracker.com/id?1024817 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/42459 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.vmware.com/pipermail/security-announ… | mailing-listx_refsource_MLIST |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://marc.info/?l=bugtraq&m=130270720601677&w=2 | vendor-advisoryx_refsource_HP |
| http://www.vupen.com/english/advisories/2011/0606 | vdb-entryx_refsource_VUPEN |
| http://marc.info/?l=bugtraq&m=130270720601677&w=2 | vendor-advisoryx_refsource_HP |
| http://www.securityfocus.com/archive/1/516909/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/42707 | third-party-advisoryx_refsource_SECUNIA |
| http://www.isc.org/software/bind/advisories/cve-2… | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2010-09… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/43141 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/42522 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/3103 | vdb-entryx_refsource_VUPEN |
| http://www.redhat.com/support/errata/RHSA-2010-09… | vendor-advisoryx_refsource_REDHAT |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://ftp.netbsd.org/pub/NetBSD/security/advisor… | vendor-advisoryx_refsource_NETBSD |
| http://www.vupen.com/english/advisories/2010/3102 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/42374 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1025-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.vupen.com/english/advisories/2010/3140 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/45133 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/706148 | third-party-advisoryx_refsource_CERT-VN |
| http://www.vupen.com/english/advisories/2010/3138 | vdb-entryx_refsource_VUPEN |
| http://support.apple.com/kb/HT5002 | x_refsource_CONFIRM |
| http://secunia.com/advisories/42671 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2010-10… | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2010/dsa-2130 | vendor-advisoryx_refsource_DEBIAN |
| http://support.avaya.com/css/P8/documents/100124923 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://slackware.com/security/viewer.php?l=slackw… | vendor-advisoryx_refsource_SLACKWARE |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2011/0267 | vdb-entryx_refsource_VUPEN |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
Date Public ?
2010-12-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-3139",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories"
},
{
"name": "69558",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69558"
},
{
"name": "MDVSA-2010:253",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:253"
},
{
"name": "1024817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024817"
},
{
"name": "42459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42459"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name": "oval:org.mitre.oval:def:12601",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601"
},
{
"name": "HPSBUX02655",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130270720601677\u0026w=2"
},
{
"name": "ADV-2011-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "SSRT100353",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130270720601677\u0026w=2"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "42707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42707"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/software/bind/advisories/cve-2010-3613"
},
{
"name": "RHSA-2010:0975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0975.html"
},
{
"name": "43141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43141"
},
{
"name": "42522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42522"
},
{
"name": "ADV-2010-3103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3103"
},
{
"name": "RHSA-2010:0976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0976.html"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "NetBSD-SA2011-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc"
},
{
"name": "ADV-2010-3102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3102"
},
{
"name": "42374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42374"
},
{
"name": "USN-1025-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1025-1"
},
{
"name": "ADV-2010-3140",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3140"
},
{
"name": "45133",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45133"
},
{
"name": "VU#706148",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/706148"
},
{
"name": "ADV-2010-3138",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "42671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42671"
},
{
"name": "RHSA-2010:1000",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-1000.html"
},
{
"name": "DSA-2130",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/css/P8/documents/100124923"
},
{
"name": "FEDORA-2010-18469",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html"
},
{
"name": "SSA:2010-350-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.622190"
},
{
"name": "FEDORA-2010-18521",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html"
},
{
"name": "ADV-2011-0267",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0267"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "ADV-2010-3139",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories"
},
{
"name": "69558",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69558"
},
{
"name": "MDVSA-2010:253",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:253"
},
{
"name": "1024817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024817"
},
{
"name": "42459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42459"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name": "oval:org.mitre.oval:def:12601",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601"
},
{
"name": "HPSBUX02655",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130270720601677\u0026w=2"
},
{
"name": "ADV-2011-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "SSRT100353",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130270720601677\u0026w=2"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "42707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42707"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/software/bind/advisories/cve-2010-3613"
},
{
"name": "RHSA-2010:0975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0975.html"
},
{
"name": "43141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43141"
},
{
"name": "42522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42522"
},
{
"name": "ADV-2010-3103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3103"
},
{
"name": "RHSA-2010:0976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0976.html"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "NetBSD-SA2011-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc"
},
{
"name": "ADV-2010-3102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3102"
},
{
"name": "42374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42374"
},
{
"name": "USN-1025-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1025-1"
},
{
"name": "ADV-2010-3140",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3140"
},
{
"name": "45133",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45133"
},
{
"name": "VU#706148",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/706148"
},
{
"name": "ADV-2010-3138",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "42671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42671"
},
{
"name": "RHSA-2010:1000",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-1000.html"
},
{
"name": "DSA-2130",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/css/P8/documents/100124923"
},
{
"name": "FEDORA-2010-18469",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html"
},
{
"name": "SSA:2010-350-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.622190"
},
{
"name": "FEDORA-2010-18521",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html"
},
{
"name": "ADV-2011-0267",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0267"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-3613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-3139",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3139"
},
{
"name": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories",
"refsource": "CONFIRM",
"url": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories"
},
{
"name": "69558",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69558"
},
{
"name": "MDVSA-2010:253",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:253"
},
{
"name": "1024817",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024817"
},
{
"name": "42459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42459"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name": "oval:org.mitre.oval:def:12601",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601"
},
{
"name": "HPSBUX02655",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130270720601677\u0026w=2"
},
{
"name": "ADV-2011-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "SSRT100353",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130270720601677\u0026w=2"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "42707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42707"
},
{
"name": "http://www.isc.org/software/bind/advisories/cve-2010-3613",
"refsource": "CONFIRM",
"url": "http://www.isc.org/software/bind/advisories/cve-2010-3613"
},
{
"name": "RHSA-2010:0975",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0975.html"
},
{
"name": "43141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43141"
},
{
"name": "42522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42522"
},
{
"name": "ADV-2010-3103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3103"
},
{
"name": "RHSA-2010:0976",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0976.html"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "NetBSD-SA2011-001",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc"
},
{
"name": "ADV-2010-3102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3102"
},
{
"name": "42374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42374"
},
{
"name": "USN-1025-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1025-1"
},
{
"name": "ADV-2010-3140",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3140"
},
{
"name": "45133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45133"
},
{
"name": "VU#706148",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/706148"
},
{
"name": "ADV-2010-3138",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3138"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "42671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42671"
},
{
"name": "RHSA-2010:1000",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-1000.html"
},
{
"name": "DSA-2130",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2130"
},
{
"name": "http://support.avaya.com/css/P8/documents/100124923",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100124923"
},
{
"name": "FEDORA-2010-18469",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html"
},
{
"name": "SSA:2010-350-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.622190"
},
{
"name": "FEDORA-2010-18521",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html"
},
{
"name": "ADV-2011-0267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0267"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-3613",
"datePublished": "2010-12-03T20:00:00.000Z",
"dateReserved": "2010-09-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:18:52.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3614 (GCVE-0-2010-3614)
Vulnerability from cvelistv5 – Published: 2010-12-03 20:00 – Updated: 2024-08-07 03:18
VLAI?
EPSS
Summary
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
30 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2010/3139 | vdb-entryx_refsource_VUPEN |
| http://www.isc.org/announcement/guidance-regardin… | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://securitytracker.com/id?1024817 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/42459 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.vmware.com/pipermail/security-announ… | mailing-listx_refsource_MLIST |
| http://www.osvdb.org/69559 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2011/0606 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/45137 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/516909/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2010-09… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/42522 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/3103 | vdb-entryx_refsource_VUPEN |
| http://www.redhat.com/support/errata/RHSA-2010-09… | vendor-advisoryx_refsource_REDHAT |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.kb.cert.org/vuls/id/837744 | third-party-advisoryx_refsource_CERT-VN |
| http://www.vupen.com/english/advisories/2010/3102 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/42435 | third-party-advisoryx_refsource_SECUNIA |
| http://www.isc.org/software/bind/advisories/cve-2… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1025-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.vupen.com/english/advisories/2010/3140 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2010/3138 | vdb-entryx_refsource_VUPEN |
| http://support.apple.com/kb/HT5002 | x_refsource_CONFIRM |
| http://secunia.com/advisories/42671 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2010/dsa-2130 | vendor-advisoryx_refsource_DEBIAN |
| http://support.avaya.com/css/P8/documents/100124923 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://slackware.com/security/viewer.php?l=slackw… | vendor-advisoryx_refsource_SLACKWARE |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
Date Public ?
2010-12-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-3139",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories"
},
{
"name": "MDVSA-2010:253",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:253"
},
{
"name": "1024817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024817"
},
{
"name": "42459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42459"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name": "69559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69559"
},
{
"name": "ADV-2011-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "45137",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45137"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "RHSA-2010:0975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0975.html"
},
{
"name": "42522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42522"
},
{
"name": "ADV-2010-3103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3103"
},
{
"name": "RHSA-2010:0976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0976.html"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "VU#837744",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/837744"
},
{
"name": "ADV-2010-3102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3102"
},
{
"name": "42435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42435"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/software/bind/advisories/cve-2010-3614"
},
{
"name": "USN-1025-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1025-1"
},
{
"name": "ADV-2010-3140",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3140"
},
{
"name": "ADV-2010-3138",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "42671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42671"
},
{
"name": "DSA-2130",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/css/P8/documents/100124923"
},
{
"name": "FEDORA-2010-18469",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html"
},
{
"name": "SSA:2010-350-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.622190"
},
{
"name": "FEDORA-2010-18521",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "ADV-2010-3139",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories"
},
{
"name": "MDVSA-2010:253",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:253"
},
{
"name": "1024817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024817"
},
{
"name": "42459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42459"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name": "69559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69559"
},
{
"name": "ADV-2011-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "45137",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45137"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "RHSA-2010:0975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0975.html"
},
{
"name": "42522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42522"
},
{
"name": "ADV-2010-3103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3103"
},
{
"name": "RHSA-2010:0976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0976.html"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "VU#837744",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/837744"
},
{
"name": "ADV-2010-3102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3102"
},
{
"name": "42435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42435"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/software/bind/advisories/cve-2010-3614"
},
{
"name": "USN-1025-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1025-1"
},
{
"name": "ADV-2010-3140",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3140"
},
{
"name": "ADV-2010-3138",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "42671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42671"
},
{
"name": "DSA-2130",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/css/P8/documents/100124923"
},
{
"name": "FEDORA-2010-18469",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html"
},
{
"name": "SSA:2010-350-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.622190"
},
{
"name": "FEDORA-2010-18521",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-3614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-3139",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3139"
},
{
"name": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories",
"refsource": "CONFIRM",
"url": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories"
},
{
"name": "MDVSA-2010:253",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:253"
},
{
"name": "1024817",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024817"
},
{
"name": "42459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42459"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name": "69559",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69559"
},
{
"name": "ADV-2011-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "45137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45137"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "RHSA-2010:0975",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0975.html"
},
{
"name": "42522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42522"
},
{
"name": "ADV-2010-3103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3103"
},
{
"name": "RHSA-2010:0976",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0976.html"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "VU#837744",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/837744"
},
{
"name": "ADV-2010-3102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3102"
},
{
"name": "42435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42435"
},
{
"name": "http://www.isc.org/software/bind/advisories/cve-2010-3614",
"refsource": "CONFIRM",
"url": "http://www.isc.org/software/bind/advisories/cve-2010-3614"
},
{
"name": "USN-1025-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1025-1"
},
{
"name": "ADV-2010-3140",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3140"
},
{
"name": "ADV-2010-3138",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3138"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "42671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42671"
},
{
"name": "DSA-2130",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2130"
},
{
"name": "http://support.avaya.com/css/P8/documents/100124923",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100124923"
},
{
"name": "FEDORA-2010-18469",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html"
},
{
"name": "SSA:2010-350-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.622190"
},
{
"name": "FEDORA-2010-18521",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-3614",
"datePublished": "2010-12-03T20:00:00.000Z",
"dateReserved": "2010-09-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:18:52.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3718 (GCVE-0-2010-3718)
Vulnerability from cvelistv5 – Published: 2011-02-10 17:00 – Updated: 2024-08-07 03:18
VLAI?
EPSS
Summary
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
34 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/46177 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/archive/1/516211/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/8072 | third-party-advisoryx_refsource_SREASON |
| http://tomcat.apache.org/security-6.html | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=136485229118404&w=2 | vendor-advisoryx_refsource_HP |
| http://secunia.com/advisories/45022 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2011-18… | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://marc.info/?l=bugtraq&m=132215163318824&w=2 | vendor-advisoryx_refsource_HP |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.redhat.com/support/errata/RHSA-2011-08… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/57126 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2011-07… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/43192 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2011-08… | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2011/dsa-2160 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securitytracker.com/id?1025025 | vdb-entryx_refsource_SECTRACK |
| http://support.apple.com/kb/HT5002 | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=132215163318824&w=2 | vendor-advisoryx_refsource_HP |
| http://marc.info/?l=bugtraq&m=136485229118404&w=2 | vendor-advisoryx_refsource_HP |
| http://tomcat.apache.org/security-5.html | x_refsource_MISC |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://marc.info/?l=bugtraq&m=130168502603566&w=2 | vendor-advisoryx_refsource_HP |
| http://marc.info/?l=bugtraq&m=139344343412337&w=2 | vendor-advisoryx_refsource_HP |
| http://support.novell.com/docs/Readmes/InfoDocume… | x_refsource_CONFIRM |
| http://tomcat.apache.org/security-7.html | x_refsource_MISC |
| https://lists.apache.org/thread.html/06cfb634bc7b… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/8dcaf7c3894d… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r584a714f141… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r3aacc40356d… | mailing-listx_refsource_MLIST |
Date Public ?
2011-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46177"
},
{
"name": "oval:org.mitre.oval:def:13969",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969"
},
{
"name": "20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516211/100/0/threaded"
},
{
"name": "8072",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8072"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "HPSBUX02860",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"name": "45022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45022"
},
{
"name": "RHSA-2011:1845",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
},
{
"name": "SUSE-SR:2011:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "SSRT100627",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
},
{
"name": "tomcat-servletcontect-sec-bypass(65159)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65159"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "MDVSA-2011:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"
},
{
"name": "oval:org.mitre.oval:def:19379",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379"
},
{
"name": "RHSA-2011:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57126"
},
{
"name": "RHSA-2011:0791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0791.html"
},
{
"name": "43192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43192"
},
{
"name": "RHSA-2011:0896",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
},
{
"name": "DSA-2160",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2160"
},
{
"name": "1025025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025025"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "HPSBUX02725",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
},
{
"name": "SSRT101146",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "oval:org.mitre.oval:def:12517",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517"
},
{
"name": "HPSBUX02645",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T16:08:33.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "46177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46177"
},
{
"name": "oval:org.mitre.oval:def:13969",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969"
},
{
"name": "20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516211/100/0/threaded"
},
{
"name": "8072",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8072"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "HPSBUX02860",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"name": "45022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45022"
},
{
"name": "RHSA-2011:1845",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
},
{
"name": "SUSE-SR:2011:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "SSRT100627",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
},
{
"name": "tomcat-servletcontect-sec-bypass(65159)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65159"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "MDVSA-2011:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"
},
{
"name": "oval:org.mitre.oval:def:19379",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379"
},
{
"name": "RHSA-2011:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57126"
},
{
"name": "RHSA-2011:0791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0791.html"
},
{
"name": "43192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43192"
},
{
"name": "RHSA-2011:0896",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
},
{
"name": "DSA-2160",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2160"
},
{
"name": "1025025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025025"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "HPSBUX02725",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
},
{
"name": "SSRT101146",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "oval:org.mitre.oval:def:12517",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517"
},
{
"name": "HPSBUX02645",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3718",
"datePublished": "2011-02-10T17:00:00.000Z",
"dateReserved": "2010-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:18:53.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…