cvelistv5 - cve-2011-1869

CVE-2011-1869 (GCVE-0-2011-1869)

Vulnerability from cvelistv5 – Published: 2011-06-16 20:21 – Updated: 2024-08-06 22:45

Summary

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id?1025639	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/44894	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/44948	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/48187	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:45:59.956Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1025639",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025639"
          },
          {
            "name": "oval:org.mitre.oval:def:12640",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640"
          },
          {
            "name": "MS11-042",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042"
          },
          {
            "name": "ms-win-dfs-dos(67727)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727"
          },
          {
            "name": "44894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44894"
          },
          {
            "name": "44948",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44948"
          },
          {
            "name": "48187",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48187"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1025639",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025639"
        },
        {
          "name": "oval:org.mitre.oval:def:12640",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640"
        },
        {
          "name": "MS11-042",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042"
        },
        {
          "name": "ms-win-dfs-dos(67727)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727"
        },
        {
          "name": "44894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44894"
        },
        {
          "name": "44948",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44948"
        },
        {
          "name": "48187",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48187"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1869",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1025639",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025639"
            },
            {
              "name": "oval:org.mitre.oval:def:12640",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640"
            },
            {
              "name": "MS11-042",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042"
            },
            {
              "name": "ms-win-dfs-dos(67727)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727"
            },
            {
              "name": "44894",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44894"
            },
            {
              "name": "44948",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44948"
            },
            {
              "name": "48187",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48187"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-1869",
    "datePublished": "2011-06-16T20:21:00",
    "dateReserved": "2011-05-04T00:00:00",
    "dateUpdated": "2024-08-06T22:45:59.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2978BF86-5A1A-438E-B81F-F360D0E30C9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E33796DB-4523-4F04-B564-ADF030553D51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7F6EA111-A4E6-4963-A0C8-F9336C605B6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*\", \"matchCriteriaId\": \"9CFB1A97-8042-4497-A45D-C014B5E240AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"7F9C7616-658D-409D-8B53-AC00DC55602A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*\", \"matchCriteriaId\": \"B8A32637-65EC-42C4-A892-0E599562527C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"FFF81F4B-7D92-4398-8658-84530FB8F518\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7AE15F6C-80F6-43A6-86DA-B92116A697A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"CC916D5A-0644-4423-A52E-D4310906BE78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"95DC297F-06DB-4FB3-BFB6-7312C059E047\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A0D2704-C058-420B-B368-372D1129E914\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \\\"DFS Referral Response Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n Distributed File System (DFS) en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold, SP2, R2, y R2 SP1, y Windows 7 Gold y SP1, permite a servidores DFS remotos provocar una denegaci\\u00f3n de servicio (cuelgue de sistema) a trav\\u00e9s de una respuesta de un referido manipulada.\"}]",
      "id": "CVE-2011-1869",
      "lastModified": "2024-11-21T01:27:12.990",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-06-16T20:55:02.433",
      "references": "[{\"url\": \"http://secunia.com/advisories/44894\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/44948\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/48187\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025639\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67727\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/44894\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/44948\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/48187\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025639\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67727\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1869\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2011-06-16T20:55:02.433\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \\\"DFS Referral Response Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n Distributed File System (DFS) en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold, SP2, R2, y R2 SP1, y Windows 7 Gold y SP1, permite a servidores DFS remotos provocar una denegaci\u00f3n de servicio (cuelgue de sistema) a trav\u00e9s de una respuesta de un referido manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2978BF86-5A1A-438E-B81F-F360D0E30C9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33796DB-4523-4F04-B564-ADF030553D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7F6EA111-A4E6-4963-A0C8-F9336C605B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*\",\"matchCriteriaId\":\"9CFB1A97-8042-4497-A45D-C014B5E240AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"7F9C7616-658D-409D-8B53-AC00DC55602A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*\",\"matchCriteriaId\":\"B8A32637-65EC-42C4-A892-0E599562527C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FFF81F4B-7D92-4398-8658-84530FB8F518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7AE15F6C-80F6-43A6-86DA-B92116A697A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"CC916D5A-0644-4423-A52E-D4310906BE78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"95DC297F-06DB-4FB3-BFB6-7312C059E047\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/44894\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/44948\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/48187\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1025639\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67727\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/44894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/44948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/48187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67727\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-2X9M-QXG5-HR3F

Vulnerability from github – Published: 2022-05-14 01:32 – Updated: 2022-05-14 01:32

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1869"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-16T20:55:00Z",
    "severity": "HIGH"
  },
  "details": "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\"",
  "id": "GHSA-2x9m-qxg5-hr3f",
  "modified": "2022-05-14T01:32:13Z",
  "published": "2022-05-14T01:32:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1869"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44894"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44948"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48187"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025639"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2011-1869

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1869

Aliases

CVE-2011-1869

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1869",
    "description": "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\"",
    "id": "GSD-2011-1869"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1869"
      ],
      "details": "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\"",
      "id": "GSD-2011-1869",
      "modified": "2023-12-13T01:19:08.403328Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2011-1869",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1025639",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025639"
          },
          {
            "name": "oval:org.mitre.oval:def:12640",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640"
          },
          {
            "name": "MS11-042",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042"
          },
          {
            "name": "ms-win-dfs-dos(67727)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727"
          },
          {
            "name": "44894",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44894"
          },
          {
            "name": "44948",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44948"
          },
          {
            "name": "48187",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/48187"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1869"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44894",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/44894"
            },
            {
              "name": "48187",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/48187"
            },
            {
              "name": "44948",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/44948"
            },
            {
              "name": "1025639",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025639"
            },
            {
              "name": "ms-win-dfs-dos(67727)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727"
            },
            {
              "name": "oval:org.mitre.oval:def:12640",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640"
            },
            {
              "name": "MS11-042",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-12-07T18:38Z",
      "publishedDate": "2011-06-16T20:55Z"
    }
  }
}

CERTA-2011-AVI-556

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Forefront Unified Access Gateway permettent à une personne distante malintentionnée d'exécuter du code arbitraire, de provoquer un déni de service ou d'effectuer des injections de code indirectes.

Description

Cinq vulnérabilités ont été découvertes dans Microsoft Forefront Unified Access Gateway :

trois vulnérabilités permettent d'effectuer des injections de code indirectes (XSS) (CVE-2011-1895, CVE-2011-1896 et CVE-2011-1897) ;
une vulnérabilité dans une appliquette Java utilisée par Microsoft Forefront Unified Gateway Access permet à une personne distante malintentionnée d'exécuter du code arbitraire (CVE-2011-1969) ;
une vulnérabilité dans la gestion des fichiers de session (cookie) permet de provoquer un déni de service IIS (CVE-2011-2012).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 Update 2 ;
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 Update 1 ;
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 Service Pack 1.
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-079 du 11 octobre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Forefront Unified Access Gateway 2010 Update 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Unified Access Gateway 2010 Update 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Unified Access Gateway 2010 Service Pack 1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Unified Access Gateway 2010 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCinq vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Forefront Unified\nAccess Gateway\u00a0:\n\n-   trois vuln\u00e9rabilit\u00e9s permettent d\u0027effectuer des injections de code\n    indirectes (XSS) (CVE-2011-1895, CVE-2011-1896 et CVE-2011-1897) ;\n-   une vuln\u00e9rabilit\u00e9 dans une appliquette Java utilis\u00e9e par Microsoft\n    Forefront Unified Gateway Access permet \u00e0 une personne distante\n    malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire (CVE-2011-1969) ;\n-   une vuln\u00e9rabilit\u00e9 dans la gestion des fichiers de session (cookie)\n    permet de provoquer un d\u00e9ni de service IIS (CVE-2011-2012).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2012"
    },
    {
      "name": "CVE-2011-1897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1897"
    },
    {
      "name": "CVE-2011-1896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1896"
    },
    {
      "name": "CVE-2011-1895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1895"
    },
    {
      "name": "CVE-2011-1869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1869"
    },
    {
      "name": "CVE-2011-1969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1969"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-556",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Forefront Unified Access Gateway\npermettent \u00e0 une personne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire, de provoquer un d\u00e9ni de service ou d\u0027effectuer des\ninjections de code indirectes.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Forefront Unified Access Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-079 du 11 octobre 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-079.mspx"
    }
  ]
}

CERTA-2011-AVI-350

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités ont été identifiées dans le système de fichiers distribués (DFS) de Windows. Elles peuvent permettre à une personne distante malveillante d'effectuer de l'exécution de code arbitraire ou un déni de service.

Description

Deux vulnérabilités ont été corrigées dans le système de fichiers distribués (DFS) de Windows.

La première vulnérabilité (CVE-2011-1868) affectant le client DFS de Windows XP et Windows Server 2003, peut permettre à une personne malveillante non authentifiée de provoquer de l'exécution de code arbitraire à distance à l'aide de réponses DFS spécialement conçues.

La seconde vulnérabilité (CVE-2011-1869) affecte Windows Vista, Windows Server 2008, Windows 7 et Windows Server 2008 R2. Elle peut être utilisée pour provoquer un déni de service à distance à l'aide de réponses de référence DFS spécialement conçues.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes versions de Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-042 du 14 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes versions de Windows.\u003c/p\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le syst\u00e8me de fichiers\ndistribu\u00e9s (DFS) de Windows.  \n\nLa premi\u00e8re vuln\u00e9rabilit\u00e9 (CVE-2011-1868) affectant le client DFS de\nWindows XP et Windows Server 2003, peut permettre \u00e0 une personne\nmalveillante non authentifi\u00e9e de provoquer de l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance \u00e0 l\u0027aide de r\u00e9ponses DFS sp\u00e9cialement con\u00e7ues.  \n\nLa seconde vuln\u00e9rabilit\u00e9 (CVE-2011-1869) affecte Windows Vista, Windows\nServer 2008, Windows 7 et Windows Server 2008 R2. Elle peut \u00eatre\nutilis\u00e9e pour provoquer un d\u00e9ni de service \u00e0 distance \u00e0 l\u0027aide de\nr\u00e9ponses de r\u00e9f\u00e9rence DFS sp\u00e9cialement con\u00e7ues.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1869"
    },
    {
      "name": "CVE-2011-1868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1868"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-350",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me de fichiers\ndistribu\u00e9s (\u003cspan class=\"textit\"\u003eDFS\u003c/span\u003e) de Windows. Elles peuvent\npermettre \u00e0 une personne distante malveillante d\u0027effectuer de\nl\u0027ex\u00e9cution de code arbitraire ou un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans le syst\u00e8me de fichiers distribu\u00e9s (DFS) de Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-042 du 14 juin 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-042.mspx"
    }
  ]
}

CERTA-2011-AVI-350

Vulnerability from certfr_avis - Published: - Updated:

Description

Deux vulnérabilités ont été corrigées dans le système de fichiers distribués (DFS) de Windows.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes versions de Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-042 du 14 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes versions de Windows.\u003c/p\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le syst\u00e8me de fichiers\ndistribu\u00e9s (DFS) de Windows.  \n\nLa premi\u00e8re vuln\u00e9rabilit\u00e9 (CVE-2011-1868) affectant le client DFS de\nWindows XP et Windows Server 2003, peut permettre \u00e0 une personne\nmalveillante non authentifi\u00e9e de provoquer de l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance \u00e0 l\u0027aide de r\u00e9ponses DFS sp\u00e9cialement con\u00e7ues.  \n\nLa seconde vuln\u00e9rabilit\u00e9 (CVE-2011-1869) affecte Windows Vista, Windows\nServer 2008, Windows 7 et Windows Server 2008 R2. Elle peut \u00eatre\nutilis\u00e9e pour provoquer un d\u00e9ni de service \u00e0 distance \u00e0 l\u0027aide de\nr\u00e9ponses de r\u00e9f\u00e9rence DFS sp\u00e9cialement con\u00e7ues.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1869"
    },
    {
      "name": "CVE-2011-1868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1868"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-350",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me de fichiers\ndistribu\u00e9s (\u003cspan class=\"textit\"\u003eDFS\u003c/span\u003e) de Windows. Elles peuvent\npermettre \u00e0 une personne distante malveillante d\u0027effectuer de\nl\u0027ex\u00e9cution de code arbitraire ou un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans le syst\u00e8me de fichiers distribu\u00e9s (DFS) de Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-042 du 14 juin 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-042.mspx"
    }
  ]
}

CERTA-2011-AVI-556

Vulnerability from certfr_avis - Published: - Updated:

Description

Cinq vulnérabilités ont été découvertes dans Microsoft Forefront Unified Access Gateway :

trois vulnérabilités permettent d'effectuer des injections de code indirectes (XSS) (CVE-2011-1895, CVE-2011-1896 et CVE-2011-1897) ;
une vulnérabilité dans une appliquette Java utilisée par Microsoft Forefront Unified Gateway Access permet à une personne distante malintentionnée d'exécuter du code arbitraire (CVE-2011-1969) ;
une vulnérabilité dans la gestion des fichiers de session (cookie) permet de provoquer un déni de service IIS (CVE-2011-2012).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 Update 2 ;
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 Update 1 ;
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 Service Pack 1.
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-079 du 11 octobre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Forefront Unified Access Gateway 2010 Update 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Unified Access Gateway 2010 Update 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Unified Access Gateway 2010 Service Pack 1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Unified Access Gateway 2010 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCinq vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Forefront Unified\nAccess Gateway\u00a0:\n\n-   trois vuln\u00e9rabilit\u00e9s permettent d\u0027effectuer des injections de code\n    indirectes (XSS) (CVE-2011-1895, CVE-2011-1896 et CVE-2011-1897) ;\n-   une vuln\u00e9rabilit\u00e9 dans une appliquette Java utilis\u00e9e par Microsoft\n    Forefront Unified Gateway Access permet \u00e0 une personne distante\n    malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire (CVE-2011-1969) ;\n-   une vuln\u00e9rabilit\u00e9 dans la gestion des fichiers de session (cookie)\n    permet de provoquer un d\u00e9ni de service IIS (CVE-2011-2012).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2012"
    },
    {
      "name": "CVE-2011-1897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1897"
    },
    {
      "name": "CVE-2011-1896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1896"
    },
    {
      "name": "CVE-2011-1895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1895"
    },
    {
      "name": "CVE-2011-1869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1869"
    },
    {
      "name": "CVE-2011-1969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1969"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-556",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Forefront Unified Access Gateway\npermettent \u00e0 une personne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire, de provoquer un d\u00e9ni de service ou d\u0027effectuer des\ninjections de code indirectes.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Forefront Unified Access Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-079 du 11 octobre 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-079.mspx"
    }
  ]
}

FKIE_CVE-2011-1869

Vulnerability from fkie_nvd - Published: 2011-06-16 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	secure@microsoft.com	http://secunia.com/advisories/44894
	secure@microsoft.com	http://secunia.com/advisories/44948
	secure@microsoft.com	http://www.securityfocus.com/bid/48187
	secure@microsoft.com	http://www.securitytracker.com/id?1025639
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042
	secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/67727
	secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44894
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44948
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48187
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025639
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67727
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640

Impacted products

Vendor	Product	Version
microsoft	windows_2003_server	*
microsoft	windows_7	-
microsoft	windows_server_2003	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_xp	*
microsoft	windows_xp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
              "matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n Distributed File System (DFS) en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold, SP2, R2, y R2 SP1, y Windows 7 Gold y SP1, permite a servidores DFS remotos provocar una denegaci\u00f3n de servicio (cuelgue de sistema) a trav\u00e9s de una respuesta de un referido manipulada."
    }
  ],
  "id": "CVE-2011-1869",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-06-16T20:55:02.433",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/44894"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/44948"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/48187"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025639"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1869 (GCVE-0-2011-1869)

GHSA-2X9M-QXG5-HR3F

GSD-2011-1869

CERTA-2011-AVI-556

Description

Solution

CERTA-2011-AVI-350

Description

Solution

CERTA-2011-AVI-350

Description

Solution

CERTA-2011-AVI-556

Description

Solution

FKIE_CVE-2011-1869

Tags

Sightings

Nomenclature